QRadar DNS Analyzer app
The IBM QRadar DNS Analyzer application provides insight into your local DNS traffic by identifying malicious activity, helping your security team detect domain generation algorithm (DGA), tunneling, or squatting domains that are being accessed from within your network. Using QNI flows, or logs with domain information from other devices such as DNS servers (BIND), proxies, Apache web servers, or other BIND-compatible devices, you can detect and monitor outbound requests to malicious sites. With the DNS Analyzer dashboard and drill-down capabilities, your team can identify DNS trends and investigate activity such as squatting attempts. Enabling indexing with the admin account can also improve the performance of the app.
To learn more about the QRadar DNS Analyzer app, visit QRadar DNS Analyzer app on Security Learning Academy (https://www.securitylearningacademy.com/enrol/index.php?id=3714).