DNS Query

dns_query

The DNS query object represents a specific request made to the Domain Name System (DNS) to retrieve information about a domain or perform a DNS operation. This object encapsulates the necessary attributes and methods to construct and send DNS queries, specify the query type (e.g., A, AAAA, MX).

Attributes

Caption	Name	Type	Description
Resource Record Class	`class`	String	The class of resource records being queried. See RFC1035. For example: `IN`.
Hostname	`hostname`	Hostname	Entity:`HOSTNAME` The hostname or domain being queried. For example: `www.example.com`
DNS Opcode	`opcode`	String	The DNS opcode specifies the type of the query message.
DNS Opcode ID	`opcode_id`	Integer	The DNS opcode ID specifies the normalized query message type as defined in RFC-5395. `0`: Query (`QUERY`) `1`: Inverse Query (`INVERSE_QUERY`) `2`: Status (`STATUS`) `3`: Reserved (`RESERVED`) `4`: Notify (`NOTIFY`) `5`: Update (`UPDATE`) `6`: DSO Message (`DSO_MESSAGE`) `99`: Other (`OTHER`)
Packet UID	`packet_uid`	Integer	The DNS packet identifier assigned by the program that generated the query. The identifier is copied to the response.
Raw Data	`raw_data`	JSON	Group:`context` The event data as received from the event source.
Record ID	`record_id`	String	Group:`primary` Unique identifier for the object
Resource Record Type	`type`	String	The type of resource records being queried. See RFC1035. For example: A, AAAA, CNAME, MX, and NS.
Unmapped	`unmapped`	Unmapped[]	Data from the source that was not mapped into the schema.

Relationships

Inbound Relationships

These objects and events reference DNS Query in their attributes:

Outbound Relationships

DNS Query references the following objects and events in its attributes:

Unmapped

This page describes ocsf-1.4.0

Updated 6 months ago