Possible DNS Tunneling or Data Exfiltration Activity (ASIM DNS Solution)



Typical domain names are short, whereas the domain names in queries used for data exfiltration or tunneling are often very long. This hunting query looks for DNS queries that are more than 150 characters long.

Attribute: Value
Type: Hunting Query
Solution: DNS Essentials
ID: 74e8773c-dfa9-45ca-bb60-5d767303e5b3
Tactics: CommandAndControl, Exfiltration
Techniques: T1568, T1008, T1048
Source: View on GitHub
