Changed title and description
@@ -1,6 +1,6 @@
|
||||
title: DNS C2 Detection
|
||||
title: Possible DNS Tunneling
|
||||
status: experimental
|
||||
description: Normally, there exists a limited amount of different dns queries for a single domain. If a huge number of dns queries were performed for a single domain, this can be an indicator that DNS is used for transferring data.
|
||||
description: Normally, DNS logs contain a limited amount of different dns queries for a single domain. This rule detects a high amount of queries for a single domain, which can be an indicator that DNS is used to transfer data.
|
||||
references:
|
||||
- https://zeltser.com/c2-dns-tunneling/
|
||||
- https://patrick-bareiss.com/detect-c2-traffic-over-dns-using-sigma/
|
||||
|
||||
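Review bot: In the new description line, the second sentence says the rule detects "a high amount of queries for a single domain", while the first sentence still talks about "different dns queries", so it is unclear whether the rule counts distinct query names or total query volume. The detection section is outside this hunk, so the description should be worded to match whatever it actually counts, for example "a high number of different DNS queries for a single domain". In the same line, "dns queries" should be capitalised to match "DNS logs", and "number" fits countable queries better than "amount".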