Forum Discussion
Pranesh1060
Aug 20, 2020 - Brass Contributor
Excessive lookup queries from DNS
Hello Experts, For the last 2 weeks or so we have been getting a lot of DNS lookup queries, and events are being generated since the endpoints are trying to connect to random suspicious domains via t...
wootts
Oct 08, 2020 - Iron Contributor
Hi Team
I am just wondering when the DNS lookup was put into preview in ASC and thus reports into Sentinel. As per below - I see a lot of this associated with:
1 - attempted communications with suspicious sinkholed domain
2 - network intrusion detections signature activated
They come hand in hand (as you would expect), but trying to establish the rationale for ASC reporting these and trying to establish the base for it is proving somewhat difficult. Any suggestions would be great - tks all