Identifies clients with a high reverse DNS lookup count that could be carrying out reconnaissance or discovery activity. An alert is generated if the IP performing such reverse DNS lookups was not seen doing so in the preceding 7-day period.

| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | Windows Server DNS |
| ID | 15ae38a2-2e29-48f7-883f-863fb25a5a06 |
| Severity | Medium |
| Status | Available |
| Kind | Scheduled |
| Tactics | Discovery |
| Techniques | T1046 |
| Required Connectors | DNS |
| Source | View on GitHub |

This content item queries data from the following tables:

| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
| DnsEvents | ✓ | ✗ | ? |