DNS Exfiltration Indicators
Detects DNS queries with abnormally long subdomains (80+ characters), an indicator of DNS tunneling used for C2 or data exfiltration.
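One way to apply the 80-character threshold to DNS query logs, as an added example that is not part of the original rule. The log line format, the sample entries, the function names, and the treatment of the last two labels as the registered domain (no public suffix list) are assumptions.

```python
from collections import defaultdict

THRESHOLD = 80  # subdomain length from the rule description

CHUNK = "ab12cd34" * 5  # 40-char constructed label standing in for encoded data

# Constructed sample lines; assumed format: "<timestamp> <client_ip> <qtype> <qname>"
SAMPLE_LOG = [
    "2024-05-01T10:00:01Z 10.0.0.5 A www.example.com.",
    f"2024-05-01T10:00:02Z 10.0.0.7 TXT {CHUNK}.{CHUNK}.t.example.net.",   # 83 chars
    f"2024-05-01T10:00:03Z 10.0.0.7 TXT {CHUNK}.{CHUNK[:38]}.example.net",  # 79 chars
    f"2024-05-01T10:00:04Z 10.0.0.7 TXT {CHUNK}.{CHUNK[:39]}.example.net",  # 80 chars
    f"2024-05-01T10:00:05Z 10.0.0.9 A {CHUNK}.cdn.example.org",            # 44 chars
    "garbage line",
]


def split_qname(qname):
    """Return (subdomain, parent). Parent is naively the last two labels (assumption)."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) <= 2:
        return "", ".".join(labels)
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def find_long_subdomains(lines, threshold=THRESHOLD):
    """Group subdomain lengths at or above the threshold by (client, parent domain).

    A single DNS label is at most 63 bytes, so an 80+ character subdomain
    always spans several labels; the length here includes the separating dots.
    """
    hits = defaultdict(list)
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of failing the whole run
        _ts, client, _qtype, qname = parts
        sub, parent = split_qname(qname)
        if len(sub) >= threshold:
            hits[(client, parent)].append(len(sub))
    return dict(hits)


if __name__ == "__main__":
    for (client, parent), lengths in find_long_subdomains(SAMPLE_LOG).items():
        print(f"{client} -> {parent}: {len(lengths)} long queries, lengths {lengths}")
```

Grouping by client and parent domain separates a single long lookup from a sustained stream of them toward one zone, which is the pattern tunneling produces.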