Some top-level domains (TLDs) are more commonly associated with malware for a range of reasons, including how easy domains on these TLDs are to obtain. Many of these may be undesirable from an enterprise policy perspective. You can update and extend the list of TLDs you wish to search for. The NameCount column provides an initial insight into how widespread the domain usage is across the environment.

| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | Windows Server DNS |
| ID | 8e9c4680-8c0b-4885-b183-3b09efd8fc2c |
| Tactics | CommandAndControl, Exfiltration |
| Techniques | T1568, T1008, T1048 |
| Required Connectors | DNS |
| Source | View on GitHub |

This content item queries data from the following tables:

| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
| DnsEvents | ✓ | ✗ | ? |