1. Suspicious/Malicious DNS Queries
- What It is: Requests to the Domain Name System (DNS) to connect to malicious domains.
- Threat Indicators: High volume of queries, queries to known malicious domains, unusual query patterns.
- Where to Investigate: DNS logs, Endpoint Security Tools, Network Traffic Analysis, Threat Intelligence Platforms.
- Possible Actions: Monitor and Analyze DNS Traffic, Implement DNS Filtering, Update Security Software, Use Threat Intelligence, Network Segmentation, and Educate Users.
2. Detection of Suspicious/Malicious Activities in the Corporate Network
- What It is: Identifying and responding to actions compromising network security.
- Threat Indicators: Unusual traffic patterns, unexpected system behavior, unauthorized access attempts, security alerts.
- Where to Investigate: System and Network Logs, Security Tool Alerts, Endpoint Devices, User Account Activities.
- Possible Actions: Implement Strong Access Controls, Update Systems, Configure Security Solutions, Educate Users..
Views: 2
