IBM QRadar

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.


DNS Analyzer automatically detect malicious domains

  • 1.  DNS Analyzer automatically detect malicious domains

    Posted Mon November 16, 2020 11:31 AM

    Hello,

    I've started playing a bit with DNS Analyzer, we don't have any QNI and then we can just rely on DHCP Events from our DNS Server, the question is:

    Is there a way to dynamically fill the DNS blacklist in order to detect malicious domain connections?

    I've seen that there's an integration with Threat Intelligence but I don't understand how to integrate the two applications.





  • 2.  RE: DNS Analyzer automatically detect malicious domains

    Posted Sun November 22, 2020 06:13 AM

    Hey,

    You can get a Threat Intelligence service that will give you blacklisted domains. You can create a rule to add those Domains to a reference set and then create another rule that matches the elements from that reference set to the DNS queries in the logs of your DNS server.



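The first half of the approach in the reply above (getting feed domains into a reference set) can also be scripted against the QRadar REST API. This is an added example, not code from the thread or from IBM: the console host, token, set name and feed content are constructed placeholders, and it assumes the reference set already exists and that the feed is a plain-text or hosts-file style domain list.

```python
import json
import urllib.request
from urllib.parse import quote

# Constructed sample feed: plain and hosts-file style lines, a comment,
# a duplicate, and junk that must not reach the reference set.
SAMPLE_FEED = """\
# constructed example feed
bad-domain.example
0.0.0.0 Tracker.Example.
bad-domain.example
127.0.0.1 localhost
not a domain line !!
"""

def parse_feed(text):
    """Return sorted, de-duplicated, normalized domains from a text feed."""
    domains = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()       # drop comments
        fields = line.split()
        if not fields or len(fields) > 2:          # "domain" or "ip domain" only
            continue
        name = fields[-1].lower().rstrip(".")      # case-fold, drop root dot
        labels = name.split(".")
        if (not name.isascii() or len(labels) < 2 or labels[-1].isdigit()
                or not all(l and len(l) <= 63 and l.replace("-", "").isalnum()
                           for l in labels)):
            continue                               # bare hosts, IPs, junk
        domains.add(name)
    return sorted(domains)

def build_bulk_load(console, token, set_name, domains):
    """Build (without sending) the bulk_load POST for an existing reference set."""
    url = (f"https://{console}/api/reference_data/sets/bulk_load/"
           f"{quote(set_name, safe='')}")
    return urllib.request.Request(
        url, data=json.dumps(domains).encode(), method="POST",
        headers={"SEC": token, "Content-Type": "application/json",
                 "Accept": "application/json"})

if __name__ == "__main__":
    # Hypothetical console, token and set name; nothing is sent here.
    req = build_bulk_load("qradar.example.test", "PLACEHOLDER-TOKEN",
                          "DNS Blacklist Domains", parse_feed(SAMPLE_FEED))
    print(req.get_method(), req.full_url)
    print(req.data.decode())
    # To send: urllib.request.urlopen(req) with the console's CA trusted.
```

Reference set lookups in rules are exact matches, so normalizing case and the trailing dot the same way on the feed side and on the DNS query property keeps the second rule from silently missing entries.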