SOC Prime Community
Support via Micro Focus Software Support, with a ticket filed against the associated product.
Micro Focus offers a content partnership program for select partners. Support for Partner Content offerings is provided by the partner and not by Micro Focus of the Micro Focus community.
Micro Focus Community Content is provided by Micro Focus for the benefit of customers, support for it is not available via Micro Focus Software Support but through specific community content forums.
Community Contributed Content is provided by Micro Focus customers and supported by them.
DNS Security Check is a straightforward SIEM Use Case that easily finds DNS Misconfigurations and anomalies in corporate networks. Despite its maturity and long history, DNS protocol was not designed with security in mind and thus has many means of malicious exploitation. Methods to transfer non-DNS data over the protocol are called DNS tunneling and allow to obfuscate and transmit botnet C2 traffic or slowly exfiltrate data. DNS Security Check is a first and easy step towards DNS security in any organization. It detects, provides visual display and automatic alerts on the DNS packets addressed to non-corporate DNS servers, unusually large DNS packet sizes and even potential Fast-Flux DNS botnet traffic. Many threats related to DNS protocol abuse can be mitigated by secure network design, which is reflected in CISO brief for this Use Case.
✓Added SOC Dashboard
✓Added IP Flow events
✓Added “DNS Denied” panel to dashboards
✓Added detection of large DNS requests
✓Added detection of potential Fast flux DNS
Related content and resources
Please upgrade to one of the following broswers: Internet Explorer 11 (or greater) or the latest version of Chrome or Firefox