/
DNS detections
Document toolboxDocument toolbox

DNS detections

Owned by Former user (Deleted)
Last updated: Sept 07, 2023
2 min read

 

Microsoft has detected multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks.

Source table → domains.all

Detect a domain with a TLD, not in Mozilla TLD List.

Source table → domains.all

Unusual User Agent length detected. It can be associated with some type of attack or vulnerability.

Source table → domains.all

The REvil Ransomware has hit 40 service providers globally due to multiple Kaseya VSA Zero-days. the attack was pushed out via a infected IT Management update from Kaseya.

Source table → domains.all

Too long subdomains could be part of Application Layer Protocols.

Source table → network.dns

Related content

Release 24 - Out-of-the-box alerts
Release 24 - Out-of-the-box alerts
Devo latest
More like this
Platform alert pack: DNS
Platform alert pack: DNS
Devo latest
More like this
Platform alert pack: Possible Exchange Server RCE (ProxyNotShell)
Platform alert pack: Possible Exchange Server RCE (ProxyNotShell)
Devo latest
More like this
DNS tab
DNS tab
Devo v7.12.0
More like this
DNS tab
DNS tab
Devo v7.10.0
More like this
Release 25 - Out-of-the-box alerts
Release 25 - Out-of-the-box alerts
Devo latest
More like this