DNS Threat Detected
Last updated on:
In this page
About the rule
Rule Type
Standard
Rule Description
This rule detects malicious DNS requests or responses flagged by ATP.
Severity
Trouble
Rule Requirement
Criteria
Action1: actionname = "DETECTION_ACTION_SOPHOS_DNS_THREAT_DETECTED" select Action1.HOSTNAME,Action1.MSG_ID,Action1.COMPONENT,Action1.TYPE,Action1.SUBTYPE,Action1.DEVICETYPE,Action1.MESSAGE,Action1.SOURCE_IP,Action1.ACTION
Detection
Execution Mode
realtime
Log Sources
Sophos
