Security Analytics for DNS logs

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser): 2.8

Describe the issue: I am ingesting BIND logs from a Linux DNS server and I have parsed them using Logstash. Since I wanted to use Security Analytics and rules pertaining to DNS, I am wondering what common schema I should follow. Should I use ECS or something else so that my rules will start matching the logs?


Relevant Logs or Screenshots:
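The question above is about normalising BIND query-log lines into a common field layout before feeding them to detection rules. As an added example (not code from the original post, not part of OpenSearch or Logstash, and not a statement of which schema Security Analytics requires), the following Python shows what that normalisation looks like when the target is ECS-style field names (`source.ip`, `dns.question.name`, `dns.question.type`, `destination.ip`, and so on). The sample log lines are constructed; the regular expression covers the two common BIND 9 query-log layouts (with and without the `@0x...` client handle) and reports lines it cannot parse instead of silently dropping them. The same logic is what a Logstash `grok` + `rename` filter would implement.

```python
import re
from datetime import datetime
from typing import Any, Dict, List, Optional, Tuple

# Constructed sample BIND 9 query-log lines (not taken from the original post).
SAMPLE_LINES = [
    "26-Jun-2023 10:15:42.123 queries: info: client @0x7f3c1c0b2a10 192.0.2.10#51234 "
    "(example.com): query: example.com IN A +E(0)K (198.51.100.5)",
    "26-Jun-2023 10:15:43.456 queries: info: client 192.0.2.11#40001 "
    "(mail.example.org): query: mail.example.org IN MX - (198.51.100.5)",
    "garbage line that is not a query log entry",
]

# BIND query-log layout: [timestamp] [category: level:] client [@0xHANDLE] IP#PORT
# (NAME): query: NAME CLASS TYPE FLAGS [(SERVER-IP)]
QUERY_RE = re.compile(
    r"^(?:(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) )?"
    r"(?:queries: (?P<level>\w+): )?"
    r"client (?:@0x[0-9a-f]+ )?"
    r"(?P<src_ip>[0-9a-fA-F.:]+)#(?P<src_port>\d+) "
    r"\((?P<qname_paren>[^)]*)\): query: "
    r"(?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+) (?P<flags>\S+)"
    r"(?: \((?P<dst_ip>[0-9a-fA-F.:]+)\))?\s*$"
)


def bind_query_to_ecs(line: str) -> Optional[Dict[str, Any]]:
    """Map one BIND query-log line to an ECS-style nested document.

    Returns None when the line is not a query-log entry, so the caller can
    count and alert on unparsed input rather than losing it.
    """
    m = QUERY_RE.match(line)
    if not m:
        return None

    # BIND prints '+' when recursion was requested and '-' when it was not;
    # ECS represents that as the RD header flag.
    header_flags: List[str] = ["RD"] if m["flags"].startswith("+") else []

    doc: Dict[str, Any] = {
        "event": {
            "kind": "event",
            "category": ["network"],
            "type": ["protocol"],
            "action": "dns-query",
            "original": line,
        },
        "network": {"protocol": "dns"},
        "source": {"ip": m["src_ip"], "port": int(m["src_port"])},
        "dns": {
            "type": "query",
            "question": {
                "name": m["qname"].rstrip("."),
                "class": m["qclass"],
                "type": m["qtype"],
            },
            "header_flags": header_flags,
        },
    }
    if m["ts"]:
        # BIND timestamps carry no zone; convert to ISO 8601 and let the
        # pipeline attach the server's timezone.
        doc["@timestamp"] = datetime.strptime(
            m["ts"], "%d-%b-%Y %H:%M:%S.%f"
        ).isoformat()
    if m["dst_ip"]:
        doc["destination"] = {"ip": m["dst_ip"]}
    return doc


def parse_bind_query_log(lines: List[str]) -> Tuple[List[Dict[str, Any]], int]:
    """Parse many lines; return (documents, number_of_unparsed_lines)."""
    docs: List[Dict[str, Any]] = []
    unparsed = 0
    for line in lines:
        doc = bind_query_to_ecs(line)
        if doc is None:
            unparsed += 1
        else:
            docs.append(doc)
    return docs, unparsed


if __name__ == "__main__":
    events, bad = parse_bind_query_log(SAMPLE_LINES)
    for ev in events:
        print(ev["source"]["ip"], ev["dns"]["question"]["name"], ev["dns"]["question"]["type"])
    print(f"unparsed lines: {bad}")
```

Whatever schema the rules end up keyed on, the unparsed-line counter is worth keeping: a rule that never fires because the field names drifted after a BIND upgrade looks identical to a quiet network unless the pipeline reports what it failed to map.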
