diff --git a/sigma/pipelines/crowdstrike/crowdstrike.py b/sigma/pipelines/crowdstrike/crowdstrike.py
index 7719a8f..639bfed 100644
--- a/sigma/pipelines/crowdstrike/crowdstrike.py
+++ b/sigma/pipelines/crowdstrike/crowdstrike.py
@@ -73,15 +73,6 @@ def crowdstrike_fdr_pipeline():
 logsource_windows_network_connection(),
 ]
 ),
- ProcessingItem(
- identifier="cs_network_connection_fieldmapping",
- transformation=FieldMappingTransformation({
- "QueryName": "DomainName",
- }),
- rule_conditions=[
- logsource_windows_dns_query(),
- ]
- ),
 ProcessingItem(
 identifier="cs_network_connection_drop_initiated",
 transformation=DropDetectionItemTransformation(),
@@ -104,6 +95,38 @@ def crowdstrike_fdr_pipeline():
 ]
 ),
+ # DNS Requests
+ ProcessingItem(
+ identifier="cs_dns_query_eventtype",
+ transformation=AddConditionTransformation({
+ "event_simpleName": "DnsRequest",
+ }),
+ rule_conditions=[
+ logsource_windows_dns_query(),
+ ]
+ ),
+ ProcessingItem(
+ identifier="cs_dns_query_fieldmapping",
+ transformation=FieldMappingTransformation({
+ "QueryName": "DomainName",
+ "QueryResults": "IP4Records",
+ }),
+ rule_conditions=[
+ logsource_windows_dns_query(),
+ ]
+ ),
+ ProcessingItem(
+ identifier="cs_dns_query_logsource",
+ transformation=ChangeLogsourceTransformation(
+ category="dns_query",
+ product="windows",
+ service="crowdstrike",
+ ),
+ rule_conditions=[
+ logsource_windows_dns_query(),
+ ]
+ ),
+
 # ParentBaseFileName handling
 ProcessingItem(
 identifier="cs_parentbasefilename_fail_completepath",
diff --git a/tests/test_processing_pipelines_crowdstrike.py b/tests/test_processing_pipelines_crowdstrike.py
index 4a40c6a..dbe3baa 100644
--- a/tests/test_processing_pipelines_crowdstrike.py
+++ b/tests/test_processing_pipelines_crowdstrike.py
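Review bot: The `"QueryResults": "IP4Records"` entry in the new cs_dns_query_fieldmapping item renames the field but does not translate the value, and as far as I know the Sysmon QueryResults string is what rule authors write their selectors against (type-prefixed, `::ffff:`-wrapped, semicolon-separated answers), so a converted `QueryResults` selector would run unchanged against IP4Records and may silently match nothing, while AAAA answers would not appear in an IPv4 record field at all. The tests added in tests/test_processing_pipelines_crowdstrike.py in this commit exercise only QueryName, so this mapping is unexercised. Either add a test pinning a rule with a QueryResults selector, or annotate the mapping line with a comment such as `# QueryResults: field name only; Sysmon answer formatting (type prefix, ::ffff:, ';' separators) is not translated and IPv6 answers are not covered`. crowdstrike_fdr_pipeline() begins and ends outside this hunk.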
@@ -86,6 +86,20 @@ def incoming_network_connection_sigma_rule():
 condition: sel
 """)
+@pytest.fixture
+def dns_query_sigma_rule():
+ return SigmaCollection.from_yaml("""
+ title: DNS Query Test
+ status: test
+ logsource:
+ category: dns_query
+ product: windows
+ detection:
+ sel:
+ QueryName: test.invalid
+ condition: sel
+ """)
+
 def test_crowdstrike_pipeline(resolver : ProcessingPipelineResolver, process_creation_sigma_rule):
 pipeline = resolver.resolve_pipeline("crowdstrike")
 backend = TextQueryTestBackend(pipeline)
@@ -111,3 +125,8 @@ def test_crowdstrike_network_connect_incoming(resolver : ProcessingPipelineResol
 pipeline = resolver.resolve_pipeline("crowdstrike")
 backend = TextQueryTestBackend(pipeline)
 assert backend.convert(incoming_network_connection_sigma_rule) == ["event_simpleName=\"NetworkReceiveAcceptIP4\" and RemoteAddressIP4=\"1.2.3.4\""]
+
+def test_crowdstrike_dns_query(resolver : ProcessingPipelineResolver, dns_query_sigma_rule):
+ pipeline = resolver.resolve_pipeline("crowdstrike")
+ backend = TextQueryTestBackend(pipeline)
+ assert backend.convert(dns_query_sigma_rule) == ["event_simpleName=\"DnsRequest\" and DomainName=\"test.invalid\""]
\ No newline at end of file
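Review bot: The assertion in the new test_crowdstrike_dns_query pins only the QueryName→DomainName path, so the QueryResults→IP4Records entry that the pipeline side of this commit introduces has no coverage at all; a second fixture whose selection uses a `QueryResults` modifier match, with an assertion on the IP4Records query the backend produces, would close that gap and also catch the logsource rewrite to service "crowdstrike" being applied. The file now ends without a trailing newline (`\ No newline at end of file`) after the assert line; add the final newline. test_crowdstrike_dns_query lies entirely inside this hunk.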