DNS Query Requests Resolved By Unauthorized DNS Servers
This search will detect DNS requests resolved by unauthorized DNS servers. Legitimate DNS servers should be identified in the Enterprise Security Assets and Identity Framework.
DNS Query Requests Resolved By Unauthorized DNS Servers Help
To successfully implement this search you will need to ensure that DNS data is populating the Network_Resolution data model. It also requires that your DNS servers are identified correctly in the Assets and Identity table of Enterprise Security.
Open in Search