This view is available with Lacework data share v.1 and later.
This view provides raw historic data about DNS queries.
Lacework regularly monitors for DNS queries in your environment and returns a row in the DNS_QUERY_V view when Lacework detects a DNS query.
Each row contains DNS Query information as listed in the columns.
| Column Name | Data Type | Description |
|---|---|---|
| CREATED_TIME | Timestamp | The time and date when the DNS query was detected by Lacework. |
| MID | Number | The Lacework-generated machine identifier of the machine that generated the query. |
| FQDN | Text | The fully qualified domain name of DNS server. |
| HOST_IP_ADDR | Text | The IP address of the machine that generated the query. |
| TTL | Number | The time to live for the DNS query before the query expires. |
| DNS_SERVER_IP | Text | The resulting IP address of the DNS query. |