QRadar DNS Analyzer Courses (4):
This course provides an overview of IBM QRadar DNS Analyzer, which gives insight into your local DNS traffic by identifying malicious activity, allowing your security team to detect domain generation algorithm (DGA) domains, DNS tunneling, and squatting domains that are accessed from within your network. The DNS Analyzer also lets you filter domains using blacklists and whitelists.
The video defines prerequisites, and provides an architecture overview explaining how the application is integrated with IBM QRadar SIEM and IBM X-Force Exchange.
Using QRadar Network Insights (QNI) flows, or logs that contain domain information from other devices such as DNS servers, proxies, Apache web servers, or other BIND-compatible devices, you can detect and monitor outbound network traffic to potentially malicious sites. With the DNS Analyzer dashboard and its drill-down capabilities, your team can identify DNS trends and investigate activity such as squatting attempts.
The application is also integrated with the IBM QRadar Pulse and IBM QRadar User Behavior Analytics app.
This course provides an overview of the domain squatting technique and how IBM QRadar DNS Analyzer can help with early detection of that type of DNS traffic. Domain squatting is a technique in which attackers register and use domains that look similar to a legitimate domain, for example typo-squatted variants that differ by a single mistyped or look-alike character. Attackers use those domains to deliver malware, typically through phishing.
The video also demonstrates how the DNS Analyzer app detects and reports on squatting domains.
The DNS Analyzer app uses two types of filters that improve processing by the analytics algorithms. The first type of filter is based on the IBM X-Force Threat Intelligence feed, and the second is based on filtering lists built into DNS Analyzer, to which you can add any domain as a whitelist or blacklist entry. The video also demonstrates how DNS Analyzer reports a blacklisted domain.
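The descriptions above mention three things the app does with a queried domain: check it against block and allow lists, flag look-alike (squatting) domains, and flag DGA-style domains. The following script is an added illustration of that triage pipeline, written for this page; it is not the DNS Analyzer app's own logic and makes no claim about how IBM implements these checks. The query records, the protected-domain list, the homoglyph table, the edit-distance threshold of 1 and the entropy threshold of 3.5 bits are all constructed assumptions for the example.

```python
"""Illustrative DNS query triage: list filters, typosquat distance, DGA-style entropy.

Added example for this page; not code from IBM QRadar DNS Analyzer.
"""
import math

# Constructed sample query records (client IP, queried name); not from a real deployment.
SAMPLE_QUERIES = [
    ("10.0.0.12", "www.example.com"),
    ("10.0.0.12", "exarnple.com"),          # 'rn' imitates 'm'
    ("10.0.0.15", "examp1e.com"),           # digit 1 imitates letter l
    ("10.0.0.20", "kq3x9v2zmw7trp4.net"),   # random-looking, DGA-like label
    ("10.0.0.20", "known-bad.test"),
    ("10.0.0.31", "mail.google.com"),
]

# Assumed organisation-specific lists (the page's "whitelist"/"blacklist").
PROTECTED_DOMAINS = ["example.com", "google.com"]   # brands we watch for squats
ALLOWLIST = {"example.com", "google.com"}           # registrable domains trusted as-is
BLOCKLIST = {"known-bad.test"}                      # registrable domains always reported

# Assumed homoglyph table: characters attackers swap in because they look alike.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})
SQUAT_MAX_DISTANCE = 1      # assumption: one edit away after normalisation
DGA_MIN_LENGTH = 12         # assumption: short labels are too noisy for entropy scoring
DGA_MIN_ENTROPY = 3.5       # assumption: bits per character


def registrable_domain(fqdn):
    """Return the last two labels. Simplification: real code should consult the
    Public Suffix List so that e.g. 'foo.co.uk' is handled correctly."""
    labels = fqdn.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def normalize(label):
    """Collapse common look-alike substitutions so 'exarnple'/'examp1e' compare as 'example'."""
    return label.translate(HOMOGLYPHS).replace("rn", "m").replace("vv", "w")


def levenshtein(a, b):
    """Edit distance (insert/delete/substitute) with a single rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def shannon_entropy(s):
    """Bits per character; random-looking DGA labels score high, dictionary words low."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((s.count(c) / n) * math.log2(s.count(c) / n) for c in set(s))


def classify(fqdn):
    """Order matters: explicit lists first, then squat check, then DGA heuristic."""
    reg = registrable_domain(fqdn)
    if reg in BLOCKLIST:
        return "blocklisted"
    if reg in ALLOWLIST:
        return "allowlisted"
    sld = reg.split(".")[0]
    for protected in PROTECTED_DOMAINS:
        if reg == protected:
            continue
        if levenshtein(normalize(sld), protected.split(".")[0]) <= SQUAT_MAX_DISTANCE:
            return f"squat-candidate:{protected}"
    if len(sld) >= DGA_MIN_LENGTH and shannon_entropy(sld) >= DGA_MIN_ENTROPY:
        return "dga-like"
    return "unclassified"


def triage(queries):
    """Apply classify() to (client, name) records; returns (client, name, verdict) triples."""
    return [(client, name, classify(name)) for client, name in queries]


if __name__ == "__main__":
    for client, name, verdict in triage(SAMPLE_QUERIES):
        print(f"{client:<12} {name:<24} {verdict}")
```

The allowlist is checked before the squat logic so that the genuine brand domain never reports against itself, and the blocklist is checked first of all so that an analyst's explicit decision wins over any heuristic. The entropy gate is deliberately crude: a real deployment would also look at query volume and NXDOMAIN rates per client, which is the kind of trend the dashboard described above is meant to surface.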