IBM Security Join our 16,000+ members as we work together to overcome the toughest challenges of cybersecurity. Join the Community
By now most of you are familiar with both DNS Analyzer and QRadar Network Insights. But did you know that QRadar Network Insights automatically analyzes, extracts and feeds DNS Analyzer with the data DNS Analyzer needs?
Getting DNS logs can be a challenge and let’s face it, not all DNS traffic is resolved by our servers. Since Network Insights already provides details on every DNS Request and DNS Response traversing our networks this data is already available in QRadar. So once you install DNS Analyzer it simply starts pulling that data in to help detect Domain Generation Algorithms, Squatting and DNS tunneling.
Jose Bravo recently deployed QNI with DNS Analyzer and created this video showing how even a small amount of DGA or DNS tunneling can be detected within volumes of normal DNS traffic.
https://youtu.be/YLCoMn7awMM
By
Tom Obremski
posted