Update lateral_movement_dns_server_overflow.toml
@@ -20,7 +20,7 @@ false_positives = [
|
||||
index = ["packetbeat-*", "filebeat-*"]
|
||||
language = "kuery"
|
||||
license = "Elastic License"
|
||||
name = "Abnormally Large DNS Request"
|
||||
name = "Abnormally Large DNS Response"
|
||||
note = """### Investigating Large DNS Responses
|
||||
Detection alerts from this rule indicate an attempt was made to exploit CVE-2020-1350 (SigRed) through the use of large DNS responses on a Windows DNS server. Here are some possible avenues of investigation:
|
||||
- Investigate any corresponding Intrusion Detection Signatures (IDS) alerts that can validate this detection alert.
|
||||
|
||||
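Review bot: The `name` line changes the rule title from "Abnormally Large DNS Request" to "Abnormally Large DNS Response", but the commit message ("Update lateral_movement_dns_server_overflow.toml") does not say why. State in the message that the title is being aligned with the note text, which already reads "Investigating Large DNS Responses" and "large DNS responses". Since this hunk touches only the title, confirm that the rule's description and query elsewhere in the file also describe responses, and that anything keyed on the old title (saved searches, exception lists, dashboards) is updated. Separately, in the unchanged note text, "indicate an attempt was made to exploit CVE-2020-1350" is stronger than a rule with a `false_positives` section supports; "may indicate" would match it better.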