I know there's RITA out there. But I'm wondering if there's a way to do a Kibana DNS search to detect long-lasting DNS connections, i.e. DNSCAT.
Thanks,
Chris