Detect Windows DNS Sigred Via Splunk Stream

Description

This search detects SIGRed via Splunk Stream.

Help

This search requires that you ingest Splunk Stream DNS and Splunk Stream TCP data. It detects SIG and KEY records via stream:dns and TCP payloads over 65KB in size via stream:tcp. Replace the macro definitions ('stream:dns' and 'stream:tcp') with configurations for your Splunk environment.
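
The two conditions from the help text, applied offline to constructed sample events. This is an added example, not the search this page ships. The JSON field names (`sourcetype`, `flow_id`, `query_type`, `bytes_out`), the 65,000-byte reading of "65KB", and the choice to require both signals on the same flow are assumptions.

```python
import json
from collections import defaultdict

# Assumed reading of the page's "over 65KB" threshold, in bytes.
PAYLOAD_THRESHOLD = 65_000
SIGRED_TYPES = {"SIG", "KEY"}

# Constructed sample events; the field names (sourcetype, flow_id,
# query_type, bytes_out) are assumptions about the Stream event shape.
SAMPLE_EVENTS = """
{"sourcetype": "stream:dns", "flow_id": "f1", "query_type": ["SIG"]}
{"sourcetype": "stream:tcp", "flow_id": "f1", "bytes_out": 65400}
{"sourcetype": "stream:dns", "flow_id": "f2", "query_type": ["A", "AAAA"]}
{"sourcetype": "stream:tcp", "flow_id": "f2", "bytes_out": 70000}
{"sourcetype": "stream:dns", "flow_id": "f3", "query_type": "KEY"}
{"sourcetype": "stream:tcp", "flow_id": "f3", "bytes_out": 512}
not-json debris line
"""

def signals_by_flow(lines):
    """Map flow_id -> set of signals seen on that flow."""
    flows = defaultdict(set)
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or malformed lines
        if not isinstance(ev, dict) or "flow_id" not in ev:
            continue
        if ev.get("sourcetype") == "stream:dns":
            qtypes = ev.get("query_type", [])
            if isinstance(qtypes, str):  # single value vs. multivalue
                qtypes = [qtypes]
            if SIGRED_TYPES & {str(q).upper() for q in qtypes}:
                flows[ev["flow_id"]].add("sig_key_record")
        elif ev.get("sourcetype") == "stream:tcp":
            if int(ev.get("bytes_out", 0)) > PAYLOAD_THRESHOLD:
                flows[ev["flow_id"]].add("large_tcp_payload")
    return dict(flows)

def suspicious_flows(lines):
    """Flows where both conditions from the help text were seen."""
    both = {"sig_key_record", "large_tcp_payload"}
    return sorted(f for f, s in signals_by_flow(lines).items() if s == both)

if __name__ == "__main__":
    print(suspicious_flows(SAMPLE_EVENTS.splitlines()))
```

Flows `f2` (large payload, ordinary record types) and `f3` (KEY record, small payload) each match only one condition, which shows what requiring both conditions filters out.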
