Detect Windows DNS Sigred Via Splunk Stream
This search detects SIGRed via Splunk Stream.
Detect Windows DNS Sigred Via Splunk Stream Help
This search requires that you ingest both Splunk Stream DNS and Splunk Stream TCP data. It detects SIG and KEY records via stream:dns and TCP payloads over 65KB in size via stream:tcp. Replace the macro definitions ('stream:dns' and 'stream:tcp') with the configurations for your Splunk environment.
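The two conditions described above, as an added example that is not part of the original page or Splunk's own search: it flags a flow only when a SIG or KEY record in DNS data and a TCP payload over 65KB appear on the same flow. The field names (`sourcetype`, `flow_id`, `query_type`, `bytes_out`), the join on a flow identifier, and the exact byte cutoff are assumptions, and the events are constructed.

```python
import json

# Constructed sample events (not real Stream output). Field names
# (sourcetype, flow_id, query_type, bytes_out) are assumptions for illustration.
SAMPLE_EVENTS = """
{"sourcetype": "stream:dns", "flow_id": "flow-a", "query_type": ["SIG"]}
{"sourcetype": "stream:tcp", "flow_id": "flow-a", "bytes_out": 65700}
{"sourcetype": "stream:dns", "flow_id": "flow-b", "query_type": ["A"]}
{"sourcetype": "stream:tcp", "flow_id": "flow-b", "bytes_out": 70000}
{"sourcetype": "stream:dns", "flow_id": "flow-c", "query_type": ["KEY"]}
{"sourcetype": "stream:tcp", "flow_id": "flow-c", "bytes_out": 1200}
{"sourcetype": "stream:dns", "flow_id": "flow-d", "query_type": ["A", "SIG"]}
{"sourcetype": "stream:tcp", "flow_id": "flow-d", "bytes_out": 30000}
{"sourcetype": "stream:tcp", "flow_id": "flow-d", "bytes_out": 66000}
"""

SUSPECT_TYPES = {"SIG", "KEY"}  # record types named in the help text
SIZE_THRESHOLD = 65_000  # "over 65KB"; the exact byte cutoff is an assumption


def parse_events(text):
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def correlate(events, threshold=SIZE_THRESHOLD):
    # A flow is reported only if it has BOTH a SIG/KEY record and a large TCP payload.
    dns_hits, tcp_hits = set(), set()
    for ev in events:
        flow = ev.get("flow_id")
        if flow is None:
            continue  # cannot correlate events without a flow identifier
        if ev.get("sourcetype") == "stream:dns":
            qt = ev.get("query_type") or []
            if isinstance(qt, str):
                qt = [qt]  # tolerate single-valued fields
            if SUSPECT_TYPES & {t.upper() for t in qt}:
                dns_hits.add(flow)
        elif ev.get("sourcetype") == "stream:tcp":
            if int(ev.get("bytes_out", 0)) > threshold:
                tcp_hits.add(flow)
    return sorted(dns_hits & tcp_hits)


if __name__ == "__main__":
    print(correlate(parse_events(SAMPLE_EVENTS)))
```

Requiring both conditions on the same flow keeps ordinary large TCP transfers (flow-b) and small SIG/KEY lookups (flow-c) out of the results.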