Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
This rule creates an alert when multiple clients report errors for the same DNS query. This helps in identifying possible similar C2 communications originating from different clients. It utilizes ASIM normalization and is applied to any source that supports the ASIM DNS schema.
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | DNS Essentials |
| ID | 5b8344eb-fa28-4ac3-bcff-bc19d5d63089 |
| Severity | Medium |
| Status | Available |
| Kind | Scheduled |
| Tactics | CommandAndControl |
| Techniques | T1568, T1573, T1008 |
| Source | View on GitHub |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊