Use case of DNS tunneling


#1

Hi Team,

Do we have a free plugin (intel feed) to validate malicious DNS communication?

This is the query:

_fetch * from event where $dstport=53 group count_unique $dstip limit 100

I want to validate whether dstip communicates with a malicious domain or not.


#2

Hi @pravin_singh,

Yes, there is a plugin that can assist you!

You can integrate the Domain Tools plugin. Make sure you have a look at our integrations page as well, where we have segregated all the available plugins as per their use within the cybersecurity pipeline, for example:

  • Data Enrichment
  • Threat Validation
  • Response

Available SOAR Integration Plugins


#3

Thanks Jessica. The Domain Tools plugin is paid-version intel. Is there any free one available for integration? I checked the integration page and only VirusTotal is available for validation. Do we have another plugin for the same?


#4

VirusTotal is the only one for now.