28 строки
715 B
YAML
Executable File
28 строки
715 B
YAML
Executable File
id: 74267de2-ff2e-415a-9e2a-5a99b471a1e2
|
|
name: Google DNS - Errors
|
|
description: |
|
|
'Query searches for DNS requests with errors.'
|
|
severity: Low
|
|
requiredDataConnectors:
|
|
- connectorId: GCPDNSDataConnector
|
|
dataTypes:
|
|
- GCPCloudDNS
|
|
tactics:
|
|
- CommandAndControl
|
|
relevantTechniques:
|
|
- T1095
|
|
query: |
|
|
GCPCloudDNS
|
|
| where TimeGenerated > ago(24h)
|
|
| where EventResultDetails != 'NOERROR'
|
|
| extend DNSCustomEntity = Query, IPCustomEntity = SrcIpAddr
|
|
entityMappings:
|
|
- entityType: DNS
|
|
fieldMappings:
|
|
- identifier: DomainName
|
|
columnName: DNSCustomEntity
|
|
- entityType: IP
|
|
fieldMappings:
|
|
- identifier: Address
|
|
columnName: IPCustomEntity
|