IBM QRadar
By now most of you are familiar with both DNS Analyzer and QRadar Network Insights. But did you know that QRadar Network Insights automatically extracts the DNS data that DNS Analyzer needs and feeds it to DNS Analyzer?
Getting DNS logs can be a challenge, and let's face it, not all DNS traffic goes through our own resolvers, so resolver logs alone never give the full picture. Since Network Insights already extracts details from every DNS request and DNS response traversing our networks, that data is already available in QRadar. So once you install DNS Analyzer, it simply starts pulling that data in to help detect domain generation algorithms (DGAs), domain squatting and DNS tunneling.
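To make concrete what "detect DGAs, squatting and tunneling" looks like on DNS records extracted from traffic, here is an added example that runs three simple heuristics over constructed records shaped like the fields a flow-level DNS extraction yields: source address, query name, query type and response code. This is illustration code written for this page; it is not IBM's DNS Analyzer code and does not reproduce the logic DNS Analyzer actually uses. The record layout, the sample records, the brand watchlist, the payload-friendly query types and every threshold are assumptions.

```python
"""Heuristic detections over DNS request/response records of the kind
QRadar Network Insights extracts from network traffic: DGA-looking names,
look-alike (squatting) domains and DNS-tunneling patterns. Added example;
not IBM DNS Analyzer's logic. Field layout, watchlist and thresholds are
assumptions for illustration only."""
import math
from collections import Counter, defaultdict

VOWELS = set("aeiou")
TUNNEL_QTYPES = {"TXT", "NULL", "CNAME"}                  # assumed payload-friendly types
WATCHLIST = {"paypal", "microsoft", "google", "example"}  # assumed protected brands

# Constructed sample records: (source_ip, query_name, query_type, rcode).
SAMPLE_RECORDS = [
    ("10.0.0.5", "www.google.com", "A", "NOERROR"),
    ("10.0.0.5", "mail.example.com", "A", "NOERROR"),
    ("10.0.0.5", "cdn.example.com", "A", "NOERROR"),
    ("10.0.0.5", "stackoverflow.com", "A", "NOERROR"),
    ("10.0.0.5", "login.microsoft.com", "A", "NOERROR"),
    ("10.0.0.5", "secure.paypa1.com", "A", "NOERROR"),    # look-alike of a brand
    ("10.0.0.7", "xkq3vz9tpmwl.com", "A", "NXDOMAIN"),     # DGA-like, unresolved
    ("10.0.0.7", "b7rj2mqz0fhx.net", "A", "NXDOMAIN"),
    ("10.0.0.7", "p9wq4zkx1vjn.org", "A", "NXDOMAIN"),
    ("10.0.0.9", "mfrggzdfmztwq2lk.n5zxi3dbny.tunnel.example", "TXT", "NOERROR"),  # tunnel-like
    ("10.0.0.9", "onswy3dpeb3w64tmmq.n5zxi3dbny.tunnel.example", "TXT", "NOERROR"),
    ("10.0.0.9", "mjqwgzlwmvzc43dfmfzwk.n5zxi3dbny.tunnel.example", "TXT", "NOERROR"),
    ("10.0.0.9", "ifsgk5dfom4c4ynzeaqca.n5zxi3dbny.tunnel.example", "TXT", "NOERROR"),
    ("10.0.0.9", "nfxhizlsbzxhizltfyqg.n5zxi3dbny.tunnel.example", "TXT", "NOERROR"),
]

def shannon_entropy(s):
    """Bits of entropy per character of s (0.0 for an empty string)."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0

def split_name(qname):
    """Return (registrable domain, second-level label). Assumption: the
    registrable domain is the last two labels; a real deployment would use
    the public suffix list so that names under e.g. co.uk are handled."""
    labels = qname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]), labels[-2] if len(labels) > 1 else labels[0]

def dga_score(label):
    """Points for traits common to DGA output: high character entropy,
    few vowels, digits mixed into letters, long consonant runs, length."""
    if not label:
        return 0.0
    letters = [c for c in label if c.isalpha()]
    vowel_ratio = sum(c in VOWELS for c in letters) / max(len(letters), 1)
    digit_ratio = sum(c.isdigit() for c in label) / len(label)
    run = longest_run = 0
    for c in label:
        run = run + 1 if c.isalpha() and c not in VOWELS else 0
        longest_run = max(longest_run, run)
    return ((shannon_entropy(label) > 3.0) + (vowel_ratio < 0.2)
            + (digit_ratio > 0.15) + (longest_run >= 4) + 0.5 * (len(label) >= 10))

def edit_distance(a, b):
    """Levenshtein distance, used for look-alike (squatting) checks."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def analyze(records, dga_threshold=2.0, min_unique=5, min_avg_len=40, min_frac=0.5):
    """Run all three heuristics over records and return a findings dict."""
    dga_names, squats, nxdomain_by_src = set(), set(), Counter()
    per_domain = defaultdict(lambda: {"names": set(), "lens": [], "tun": 0, "srcs": set()})
    for src, qname, qtype, rcode in records:
        registered, sld = split_name(qname)
        if dga_score(sld) >= dga_threshold:
            dga_names.add(qname.lower())
        for brand in WATCHLIST:                  # one edit away from a brand, not the brand
            if sld != brand and edit_distance(sld, brand) <= 1:
                squats.add((qname.lower(), brand))
        if rcode == "NXDOMAIN":                  # DGA clients burn many NXDOMAINs
            nxdomain_by_src[src] += 1
        d = per_domain[registered]
        d["names"].add(qname.lower())
        d["lens"].append(len(qname))
        d["tun"] += qtype.upper() in TUNNEL_QTYPES
        d["srcs"].add(src)
    tunneling = {}
    for dom, d in per_domain.items():            # many distinct, long, payload-type queries
        avg_len, frac = sum(d["lens"]) / len(d["lens"]), d["tun"] / len(d["lens"])
        if len(d["names"]) >= min_unique and (avg_len >= min_avg_len or frac >= min_frac):
            tunneling[dom] = {"unique_names": len(d["names"]), "avg_qname_len": round(avg_len, 1),
                              "payload_qtype_fraction": round(frac, 2), "sources": sorted(d["srcs"])}
    return {"dga_names": sorted(dga_names), "squatting": sorted(squats),
            "nxdomain_by_source": dict(nxdomain_by_src), "tunneling": tunneling}

if __name__ == "__main__":
    import json
    print(json.dumps(analyze(SAMPLE_RECORDS), indent=2))
```

On the constructed records the three random-looking labels from 10.0.0.7 score as DGA-like and that host also accounts for every NXDOMAIN, the one-character look-alike paypa1.com is reported against the watchlist, and tunnel.example is flagged because five distinct long TXT names were sent to it. Benign names such as stackoverflow.com have high entropy but do not cross the score threshold. Heuristics like these need a baseline: content-delivery and cloud-service domains legitimately receive thousands of distinct subdomains, so an allowlist or per-domain baseline is required before the tunneling indicator is actionable, and the DGA score should be corroborated by the NXDOMAIN rate rather than used alone.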
Jose Bravo recently deployed QNI (QRadar Network Insights) with DNS Analyzer and created this video showing how even a small amount of DGA or DNS tunneling traffic can be detected within large volumes of normal DNS traffic.
https://youtu.be/YLCoMn7awMM