Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

MDI loggs only few DNS queries

Brass Contributor

hi,

we depoyed MDI on our four DCs. Everything seems to work. Events are comming in, alerts are beeing generated. Yesterday I digged into DNS queries and it seems, as if only a few querys are logged by MDI. My expectation is, that every DNS query should be visible in MDI.

 

cheers kitty

1 Reply
I tested all four DCs with nslookup requests. They are not visible in the IdentityQueryEvents table. What am I missing?