This rule identifies clients with high reverse DNS lookup counts, which could indicate reconnaissance or discovery activity. It helps detect the possible initial phases of an attack, such as discovery and reconnaissance. The rule uses ASIM normalization and applies to any source that supports the ASIM DNS schema.
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | DNS Essentials |
| ID | 77b7c820-5f60-4779-8bdb-f06e21add5f1 |
| Severity | Medium |
| Status | Available |
| Kind | Scheduled |
| Tactics | Reconnaissance |
| Techniques | T1590 |
| Source | View on GitHub |