The length of a DNS query can often be an indicator of suspicious activity. Typical domain names are short, whereas the names queried for data exfiltration or tunneling can be very long, because they may carry data encoded in Base64, Base32, etc. The hunting query looks for Names that are more than 150 characters in length. Because many services communicate via procedurally generated long domain names, this can be problematic, so a number of k

| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | Windows Server DNS |
| ID | a0954a17-cc66-4d47-9651-8bf524bbdcc8 |
| Tactics | CommandAndControl, Exfiltration |
| Techniques | T1568, T1008, T1048 |
| Required Connectors | DNS |

This content item queries data from the following tables:

| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
| DnsEvents | ✓ | ✗ | ? |