DNS Security Check

204774

SOC Prime Community

App Support Tiers

MICRO FOCUS SUPPORTED

Support via Micro Focus Software Support, with a ticket filed against the associated product.

PARTNER

Micro Focus offers a content partnership program for select partners. Support for Partner Content offerings is provided by the partner and not by Micro Focus of the Micro Focus community.

MICRO FOCUS COMMUNITY

Micro Focus Community Content is provided by Micro Focus for the benefit of customers, support for it is not available via Micro Focus Software Support but through specific community content forums.

COMMUNITY

Community Contributed Content is provided by Micro Focus customers and supported by them.

SOC Prime | Community

DNS Security Check is a straightforward Use Case that easily finds DNS Misconfigurations and anomalies in network. Despite its maturity and long history, DNS protocol was not designed with security in mind and thus has many means of malicious exploitation.
643 downloads

Description

DNS Security Check is a straightforward SIEM Use Case that easily finds DNS Misconfigurations and anomalies in corporate networks. Despite its maturity and long history, DNS protocol was not designed with security in mind and thus has many means of malicious exploitation. Methods to transfer non-DNS data over the protocol are called DNS tunneling and allow to obfuscate and transmit botnet C2 traffic or slowly exfiltrate data. DNS Security Check is a first and easy step towards DNS security in any organization. It detects, provides visual display and automatic alerts on the DNS packets addressed to non-corporate DNS servers, unusually large DNS packet sizes and even potential Fast-Flux DNS botnet traffic. Many threats related to DNS protocol abuse can be mitigated by secure network design, which is reflected in CISO brief for this Use Case.

Minimum Requirements

Log Sources:



  • Firewall Logs: Cisco ASA; Cisco FWSM; CheckPoint Firewall; Palo Alto; Others 

  • Proxy Logs: Squid; BlueCoat Proxy; Microsoft Forefront TMG; Others

  • IPS/IDS Logs: TippingPoint; Snort; CheckPoint IPS; Suricata; Others   

Releases

Release
Size
Date
DNS Security Check 1.3
502.4 KB
  |  
Oct 2, 2017
More info Less info
Product compatibility
ESM
Version 7.0
Version 6.9.1 · 6.11.0
ESM Express
Version 6.9.1
Release notes

Version 1.3

    ✓Added SOC Dashboard

    ✓Added IP Flow events

    ✓Added “DNS Denied” panel to dashboards

Version 1.2

    ✓Added detection of large DNS requests

    ✓Added detection of potential Fast flux DNS

Version 1.0

    ✓Initial version.

Languages
English

Unsubscribe from notifications

You are receiving release updates for this item because you have subscribed to the following products:
If you unsubscribe, you will no longer receive any notifications for these products.
Tip: to update your subscription preferences, go to Manage Subscriptions from your Dashboard, uncheck the products you no longer want to receive notifications for, and click 'Save'.

Marketplace Terms of Service

In order to continue, you must accept the Marketplace Terms of Service
Since you are downloading an app from the Micro Focus unified Marketplace using an Access Manager account, you need to also accept the Micro Focus Marketplace Terms of Service before you can continue. Use the link to review the Marketplace Terms of Service. Once complete check the, "I accept the Marketplace Terms of Service" box below and click accept to continue your download.

Your browser is not supported!

Please upgrade to one of the following broswers: Internet Explorer 11 (or greater) or the latest version of Chrome or Firefox