Blacklisted Domain

Description

Triggered by DNS and/or HTTP data, this anomaly compares the domains that are visited against the internal UBA blacklist. If a visited domain matches an entry on the blacklist, the anomaly is created.

Content Mapping

This content is not mapped to any local saved search.


Use Case

Advanced Threat Detection

Category

Endpoint Compromise, Threat Intelligence

Alert Volume

High

SPL Difficulty

None

Journey

Stage 4

MITRE ATT&CK Tactics

Command and Control

MITRE ATT&CK Techniques

Custom Command and Control Protocol
Non-Application Layer Protocol
Application Layer Protocol

MITRE Threat Groups

APT29
APT3
APT32
APT37
Dragonfly 2.0
FIN6
Magic Hound
OilRig
PLATINUM
Rocke

Data Sources

Web Proxy