Posts tagged "{tag}": #dns

Sysmon Event ID 22: DNS queries, C2 domains and exfiltration

Using Sysmon's DNS-query event for hunting — process-attributed domain lookups, spotting C2 and DGA domains, DNS tunnelling, and the fields that make it useful.

6/21/2026

evtxdfirsysmondns