Help
FortiSIEM Discussions
Taher11
New Contributor III

Created on ‎07-28-2023 05:25 AM

DNS server event monitoring

Hello,
I am running an AD on Windows Server 2019, and I would like Fortisiem to trigger any change or modification made on the DNS server ( adding a new record, deleting a record, etc ... ).

Fortisiem now polls event information from different DCs by using OMI.

 

EL MOUSTAPHA MOHAMED LEMINE TAHER
EL MOUSTAPHA MOHAMED LEMINE TAHER
561
0 Kudos
1 Solution
cdurkin_FTNT
Staff
Staff

Created on ‎07-28-2023 06:47 AM

There are two approaches for this... for your investigation

 

(1) Collect the DNS Audit Log: (Requires FortiSIEM Windows Agent)
https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/d...)

Monitor the Specific DNS Auditing Event Log: Microsoft-Windows-DNSServer/Audit

 

(2) Native OS Logging: (Via Security Event Log, ok for OMI)
https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/who-moved-the-dns-cheese-aud...

 

(1) is the best approach,  (2) will generate lots of events as a FYI..

 

View solution in original post

545
0 Kudos
2 REPLIES 2
cdurkin_FTNT
Staff
Staff

Created on ‎07-28-2023 06:47 AM

There are two approaches for this... for your investigation

 

(1) Collect the DNS Audit Log: (Requires FortiSIEM Windows Agent)
https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/d...)

Monitor the Specific DNS Auditing Event Log: Microsoft-Windows-DNSServer/Audit

 

(2) Native OS Logging: (Via Security Event Log, ok for OMI)
https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/who-moved-the-dns-cheese-aud...

 

(1) is the best approach,  (2) will generate lots of events as a FYI..

 

546
0 Kudos
Taher11
New Contributor III

Created on ‎07-31-2023 01:36 AM

Thank you for your feedback, I can appreciate more 

 

EL MOUSTAPHA MOHAMED LEMINE TAHER
EL MOUSTAPHA MOHAMED LEMINE TAHER
512
0 Kudos
Announcements

Welcome to your new Fortinet Community!

You'll find your previous forum posts under "Forums"

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.