DNS traffic monitoring for malicious activity

DNS traffic on port 53 is not suspicious in itself. In a closed environment, however, we can conclude that only DNS servers (the organization's own resolvers) should communicate with other DNS servers on the outside; in an open environment we will instead be looking for queries to known-malicious DNS names/URLs. Endpoint PCs, the users' computers, have no need to send DNS queries on port 53 directly to the outside…
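As an added example (not part of the original post), the check above written as detection logic over a few constructed flow records: any UDP or TCP connection to port 53 whose destination is outside the internal address space and whose source is not one of the sanctioned resolvers is flagged. The resolver addresses, the internal prefixes and the `key=value` log format are assumptions for the sake of the example.

```python
import ipaddress
from collections import Counter

# Assumption: the organization's sanctioned internal resolvers.
RESOLVERS = {"10.0.0.53", "10.0.1.53"}

# Assumption: RFC 1918 space is "inside"; anything else is "outside".
INTERNAL_NETS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]

# Constructed sample flow records (hypothetical firewall/NetFlow export format).
SAMPLE_FLOWS = [
    "src=10.0.5.21 dst=10.0.0.53 proto=udp dport=53",       # endpoint -> internal resolver: expected
    "src=10.0.0.53 dst=8.8.8.8 proto=udp dport=53",         # resolver -> upstream: expected
    "src=10.0.5.21 dst=8.8.8.8 proto=udp dport=53",         # endpoint -> external DNS: flag
    "src=10.0.7.9 dst=1.1.1.1 proto=tcp dport=53",          # endpoint -> external DNS over TCP: flag
    "src=10.0.5.21 dst=93.184.216.34 proto=tcp dport=443",  # not DNS: ignore
    "src=192.168.4.10 dst=9.9.9.9 proto=udp dport=53",      # endpoint -> external DNS: flag
]


def is_internal(ip):
    """True if the address falls inside one of the internal prefixes."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def parse_flow(line):
    """Parse one 'key=value ...' record into a dict with typed fields."""
    fields = dict(kv.split("=", 1) for kv in line.split())
    return {
        "src": fields["src"],
        "dst": fields["dst"],
        "proto": fields["proto"].lower(),
        "dport": int(fields["dport"]),
    }


def classify(flow):
    """Return None when the flow is expected, otherwise a short reason."""
    if flow["dport"] != 53 or flow["proto"] not in ("udp", "tcp"):
        return None                      # not DNS on port 53 at all
    if is_internal(flow["dst"]):
        return None                      # endpoint talking to an internal resolver
    if flow["src"] in RESOLVERS:
        return None                      # resolver forwarding to its upstream
    return "direct external DNS from non-resolver host"


def find_rogue_dns(lines):
    """Run the check over raw records; return (src, dst, proto, reason) tuples."""
    findings = []
    for line in lines:
        flow = parse_flow(line)
        reason = classify(flow)
        if reason:
            findings.append((flow["src"], flow["dst"], flow["proto"], reason))
    return findings


def offenders_by_source(lines):
    """Count flagged flows per source host, the view an analyst triages from."""
    return Counter(src for src, _, _, _ in find_rogue_dns(lines))


if __name__ == "__main__":
    for src, dst, proto, reason in find_rogue_dns(SAMPLE_FLOWS):
        print(f"{src} -> {dst}/{proto}:53  {reason}")
    print(dict(offenders_by_source(SAMPLE_FLOWS)))
```

The rule deliberately matches TCP as well as UDP, since zone transfers and large responses use TCP 53. It only sees classic port-53 DNS; resolution tunnelled over HTTPS or TLS will not appear here and needs a separate check.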

IBM Qradar SIEM Audit

The 7.2.7 patch brought some simple and much-needed searches. The underlying capability was already part of QRadar, but it was not easily accessible and there were no predefined searches to run. After updating to 7.2.7 and installing extensions such as PCI, those audit searches show up. After a quick view of those predefined…