Does anyone know if there is a table that correlates to the local dnschache? I have been through schema 3.3.2 several times and must be reading over it. I basically want to query the dnscache to see if there are domains that the user/system has recently resolved and see if they match the IOCs I am targeting.

Which OS?

I I technically need all 3 - Linux, MAC and Windows - but I will take whatever I can get at this point.

Not thru the dnscache but there is table created in PolyLogyx Extension (Windows only) that tracks all the DNS requests as well as resolutions..

I'll have to look into that. Thanks!