DNS Security Check is a straightforward SIEM Use Case that easily finds DNS Misconfigurations and anomalies in corporate networks. Despite its maturity and long history, DNS protocol was not designed with security in mind and thus has many means of malicious exploitation. Methods to transfer non-DNS data over the protocol are called DNS tunneling and allow to obfuscate and transmit botnet C2 traffic or slowly exfiltrate data. DNS Security Check is a first and easy step towards DNS security in any organization. It detects, provides visual display and automatic alerts on the DNS packets addressed to non-corporate DNS servers, unusually large DNS packet sizes and even potential Fast-Flux DNS botnet traffic. Many threats related to DNS protocol abuse can be mitigated by secure network design, which is reflected in CISO brief for this Use Case.
✓Added SOC Dashboard
✓Added IP Flow events
✓Added “DNS Denied” panel to dashboards
✓Added detection of large DNS requests
✓Added detection of potential Fast flux DNS
Please upgrade to one of the following broswers: Internet Explorer 11 (or greater) or the latest version of Chrome or Firefox