Commit 7ede824

Merge pull request #294270 from austinmccollum/patch-1
clarify AMA DNS extension and prereqs
2 parents e3148ac + 33c1b0c commit 7ede824

1 file changed

+5
-4
lines changed

articles/sentinel/connect-dns-ama.md

Lines changed: 5 additions & 4 deletions
@@ -19,16 +19,17 @@ DNS is a widely used protocol, which maps between host names and computer readab
1919
While some mechanisms were introduced to improve the overall security of this protocol, DNS servers are still a highly targeted service. Organizations can monitor DNS logs to better understand network activity, and to identify suspicious behavior or attacks targeting resources within the network. The **Windows DNS Events via AMA** connector provides this type of visibility. For example, use the connector to identify clients that try to resolve malicious domain names, view and monitor request loads on DNS servers, or view dynamic DNS registration failures.
2020

2121
> [!NOTE]
22-
> The Windows DNS Events via AMA connector currently supports analytic event activities only.
22+
> The Windows DNS Events via AMA connector only supports analytical log events.
2323
2424
## Prerequisites
2525

2626
Before you begin, verify that you have:
2727

2828
- A Log Analytics workspace enabled for Microsoft Sentinel.
29-
- The Windows Server DNS solution installed on your workspace.
30-
- Windows Server 2012 R2 with auditing hotfix and later.
31-
- A Windows DNS Server.
29+
- The **Windows DNS Events via AMA** data connector installed as part of the **Windows Server DNS** solution from content hub.
30+
- Windows server 2016 and later supported, or Windows Server 2012 R2 with the auditing hotfix.
31+
- DNS server role installed with **DNS-Server** analytical event logs enabled.
32+
DNS analytical event logs aren't enabled by default. For more information, see [Enable analytical event logging](/windows-server/networking/dns/dns-logging-and-diagnostics#enable-analytical-event-logging).
3233

3334
To collect events from any system that isn't an Azure virtual machine, ensure that [Azure Arc](/azure/azure-monitor/agents/azure-monitor-agent-manage) is installed. Install and enable Azure Arc before you enable the Azure Monitor Agent-based connector. This requirement includes:
3435
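
Review bot: The added prerequisite at new line 30, "Windows server 2016 and later supported, or Windows Server 2012 R2 with the auditing hotfix", mixes capitalization ("Windows server" and "Windows Server") and reads awkwardly; suggest "Windows Server 2016 or later, or Windows Server 2012 R2 with the auditing hotfix". The auditing hotfix is still not named or linked, so a reader on 2012 R2 cannot tell which update is meant; a link beside it, like the one added for enabling analytical logging, would close that gap. The sentence added at new line 32 ("DNS analytical event logs aren't enabled by default.") belongs to the bullet above it, so check that it is indented as a continuation of that list item and does not render as a separate paragraph that splits the prerequisites list. The note at line 22 says "analytical log events" while line 31 says "analytical event logs"; pick one term for both.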
