Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
'Identifies contacts with domains names in CommonSecurityLog that might have been generated by a Domain Generation Algorithm (DGA). DGAs can be used by malware to generate rendezvous points that are difficult to predict in advance. This detection uses the Alexa Top 1 million domain names to build a model of what normal domains look like. It uses this to identify domains that may have been randomly generated by an algorithm. The triThreshold is set to 500 - increase this to report on domains that
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | Standalone Content |
| ID | 4acd3a04-2fad-4efc-8a4b-51476594cec4 |
| Severity | Medium |
| Kind | Scheduled |
| Tactics | CommandAndControl |
| Techniques | T1568 |
| Required Connectors | Zscaler, Barracuda, CEF, CheckPoint, CiscoASA, F5, Fortinet, PaloAltoNetworks |
| Source | View on GitHub |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊