DNS Query Requests Resolved By Unauthorized DNS Servers

Description

This search will detect DNS requests resolved by unauthorized DNS servers. Legitimate DNS servers should be identified in the Enterprise Security Assets and Identity Framework.


Use Case

Compliance

Category

Compliance

SPL Difficulty

None

Journey

Stage 3

MITRE ATT&CK Techniques

Application Layer Protocol

DNS

MITRE Threat Groups

APT18
APT39
APT41
Cobalt Group
FIN7
Ke3chang
OilRig
Tropic Trooper

Kill Chain Phases

Command and Control

Data Sources

DNS

Help

To implement this search successfully, ensure that DNS data is populating the Network_Resolution data model. The search also requires that your DNS servers are identified correctly in the Assets and Identity table of Enterprise Security.
