Question & Answer
Question
This course is an overview of IBM QRadar DNS Analyzer, which provides insights into your local DNS traffic by identifying malicious activity and allows your security team to detect domain generation algorithm (DGA), tunneling, or squatting domains that are accessed from within your network. The DNS Analyzer also provides options to filter domains using deny lists and allow lists.
The video defines prerequisites and provides an architecture overview explaining how the application is integrated with IBM QRadar SIEM and IBM X-Force Exchange.
Using QNI flows, or logs with domain information from other devices, such as DNS servers, proxies, Apache web servers, or other BIND-compatible devices, you can detect and monitor outbound network traffic to potentially malicious sites. With the DNS Analyzer dashboard and drill-down capabilities, your team can identify DNS trends and investigate activity such as squatting attempts.
The application is also integrated with the IBM QRadar Pulse and IBM QRadar User Behavior Analytics apps.
Duration: 7 Minutes
Follow the link in Related Information to view the course on the IBM Security Learning Academy.
Answer
Related Information
Document Information
Modified date: 29 June 2022
UID: ibm11115373