This rule uses the series decompose anomaly method to identify clients with high reverse DNS lookup counts. This helps detect the possible initial phases of an attack, such as discovery and reconnaissance. It uses ASIM normalization and applies to any source that supports the ASIM DNS schema.

| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | DNS Essentials |
| ID | 0fe6bde4-b215-480c-99b4-84a96edcdbd7 |
| Severity | Medium |
| Status | Available |
| Kind | Scheduled |
| Tactics | Reconnaissance |
| Techniques | T1590 |
| Source | View on GitHub |