DNS Data Exfiltration detected

New Contributor

We have our DNS servers in AWS cloud. During penetration testing DNS data exfiltration was detected in our environment. Can MSATA detect, prevent and report this? Currently we don't have SIEM enabled on MSATA, nor do we have a Syslog server. Will enabling SIEM and having syslog identify the issue?

Thanks

1 Reply

Re: DNS Data Exfiltration detected

@anishkk79 No, but AATP might.

See this:

https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-exfiltration-alerts#suspicious-communication-over-dns-external-id-2031
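As an added example that is not part of this thread and not code from any Microsoft product, the following Python heuristic shows the kind of logic a SIEM rule for DNS exfiltration typically encodes once DNS query logs are being collected: unusually long or high-entropy subdomain labels, and many distinct subdomains under one registered domain from a single client. The log format, client addresses, domain names and thresholds are all constructed for illustration.

```python
"""Heuristic DNS exfiltration detector over query logs (added example, not from the thread)."""
import math
from collections import defaultdict

# Constructed sample DNS query log, one "<timestamp> <client-ip> <qname> <qtype>" per line.
# These records are made up for this example; they are not real logs from the thread.
SAMPLE_LOG = """\
2019-12-01T10:00:01Z 10.0.1.15 www.example.com A
2019-12-01T10:00:02Z 10.0.1.15 mail.example.com MX
2019-12-01T10:00:02Z 10.0.1.15 api.example.com A
2019-12-01T10:00:03Z 10.0.1.15 img1.cdn.example.net A
2019-12-01T10:00:03Z 10.0.1.15 img2.cdn.example.net A
2019-12-01T10:00:03Z 10.0.1.15 img3.cdn.example.net A
2019-12-01T10:00:04Z 10.0.1.15 img4.cdn.example.net A
2019-12-01T10:00:04Z 10.0.1.15 img5.cdn.example.net A
2019-12-01T10:00:04Z 10.0.1.15 img6.cdn.example.net A
2019-12-01T10:00:05Z 10.0.1.15 img7.cdn.example.net A
2019-12-01T10:00:05Z 10.0.1.15 img8.cdn.example.net A
2019-12-01T10:00:10Z 10.0.1.22 3f9a1c7e5b2d8046a9e1f3c7b5d2e8a0.data.exfil-demo.test TXT
2019-12-01T10:00:10Z 10.0.1.22 7b2e4d9c1a6f3e8b0d5c2a7f9e1b4c6d.data.exfil-demo.test TXT
2019-12-01T10:00:11Z 10.0.1.22 c4a8e2f6b1d9037e5a2c8f4b6d1e9a3c.data.exfil-demo.test TXT
2019-12-01T10:00:11Z 10.0.1.22 9d1f5b3a7c2e8046f1a3b7c9d5e2f8a4.data.exfil-demo.test TXT
2019-12-01T10:00:12Z 10.0.1.22 e6b2d8f4a0c9371e5b3d7f2a9c4e1b8d.data.exfil-demo.test TXT
2019-12-01T10:00:12Z 10.0.1.22 2a7c9e1b4d6f8035c2e7a9b1d4f6c8e0.data.exfil-demo.test TXT
2019-12-01T10:00:13Z 10.0.1.22 5f3d1b9a7e2c4068d1f3a5b7c9e2d4f6.data.exfil-demo.test TXT
2019-12-01T10:00:13Z 10.0.1.22 b8e4c0a6d2f9157b3e5c7a9d1f3b5e7c.data.exfil-demo.test TXT
2019-12-01T10:00:14Z 10.0.1.22 1c5e9a3d7f2b4068a1c3e5d7f9b2a4c6.data.exfil-demo.test TXT
2019-12-01T10:00:14Z 10.0.1.22 4e8a2c6f0b5d937a1e3c5f7b9d2a4e6c.data.exfil-demo.test TXT
"""

# Assumed thresholds; tune them against a baseline of your own resolver's traffic.
LABEL_LEN_THRESHOLD = 20       # a single label this long is rare in legitimate names
ENTROPY_THRESHOLD = 3.5        # bits per character over the subdomain characters
MIN_UNIQUE_SUBDOMAINS = 8      # many distinct subdomains under one domain from one client
MIN_SUSPICIOUS_FRACTION = 0.5  # and most of those queries must look encoded


def shannon_entropy(text):
    """Shannon entropy in bits per character of text (0.0 for empty input)."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_domain(qname):
    """Naive registered domain: the last two labels. A real rule should use the
    Public Suffix List so that names under e.g. co.uk are grouped correctly."""
    return ".".join(qname.rstrip(".").lower().split(".")[-2:])


def subdomain_part(qname):
    """Everything left of the registered domain, joined with dots."""
    return ".".join(qname.rstrip(".").lower().split(".")[:-2])


def is_suspicious_query(qname):
    """Per-query heuristic: a very long label or high-entropy subdomain data."""
    sub = subdomain_part(qname)
    if not sub:
        return False
    longest = max(len(label) for label in sub.split("."))
    return longest >= LABEL_LEN_THRESHOLD or shannon_entropy(sub.replace(".", "")) >= ENTROPY_THRESHOLD


def parse_log(text):
    """Parse the constructed log format into (client, qname, qtype) tuples, skipping malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        _ts, client, qname, qtype = parts
        records.append((client, qname, qtype))
    return records


def detect_exfiltration(log_text):
    """Group queries by (client, registered domain) and report groups whose subdomains
    look like encoded data being carried out through the resolver."""
    groups = defaultdict(lambda: {"subdomains": set(), "queries": 0, "suspicious": 0, "chars": 0})
    for client, qname, _qtype in parse_log(log_text):
        g = groups[(client, registered_domain(qname))]
        sub = subdomain_part(qname)
        g["queries"] += 1
        g["subdomains"].add(sub)
        g["chars"] += len(sub.replace(".", ""))  # rough size of data carried in labels
        if is_suspicious_query(qname):
            g["suspicious"] += 1
    findings = []
    for (client, domain), g in groups.items():
        unique = len(g["subdomains"])
        frac = g["suspicious"] / g["queries"]
        if unique >= MIN_UNIQUE_SUBDOMAINS and frac >= MIN_SUSPICIOUS_FRACTION:
            findings.append({"client": client, "domain": domain, "unique_subdomains": unique,
                             "suspicious_fraction": round(frac, 2), "subdomain_chars": g["chars"]})
    return findings


if __name__ == "__main__":
    for finding in detect_exfiltration(SAMPLE_LOG):
        print(finding)
```

On the constructed sample, the CDN-style names under example.net have eight distinct subdomains but short, low-entropy labels, so they are not reported; only the 10.0.1.22 traffic to exfil-demo.test, whose labels are 32-character hex strings, is flagged. Both conditions are needed to keep false positives down: unique-subdomain count alone fires on CDNs and telemetry, and label entropy alone fires on single hash-like hostnames.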