Hello QRadar Community,
Expanding our offering of Google Cloud integrations, I’m happy to announce that we have released a new DSM with Google Cloud Platform – Cloud DNS!
Cloud DNS is a reliable, resilient, low latency Domain Name System (DNS) service running on the same infrastructure as Google.
Read more about Google Cloud DNS here: https://cloud.google.com/dns
IBM and Google Cloud mutual customers can now bring in Cloud DNS logs directly to QRadar and leverage our correlation and threat detection capabilities.
DNS is often a target for attackers, and this integration provides immense security value for DNS monitoring and for preventing common attacks such as:
- DNS Poisoning
DNS Cache Poisoning or DNS Spoofing is a form of cyber-attack in which attackers modify the DNS cache of a website and redirect users to the wrong website.
- DDoS and DNS Amplification
A Distributed Denial of Service (DDoS) attack aims to crash a system by overwhelming it with multiple requests in a short space of time.
DNS Amplification is a form of DDoS attack in which an attacker starts exploiting vulnerabilities in DNS servers, initially through small queries, amplifying them into much larger requests to eventually crash the victim’s servers.
Check out our DSM guide for instructions on how to configure it: https://www.ibm.com/docs/en/dsm?topic=configuration-google-cloud-platform-cloud-dns
Shoutout to Divya Negi from the QRadar Integrations development team for bringing this project to fruition.
Thanks for reading, and feel free to reach out with any questions!
Gaurav Sharma,
Product Manager, IBM QRadar