Suspicious communication over DNS


I have received a message mentioning Suspicious communication over DNS in my ATP. Why am I getting this error? While checking the activity, a different host name which does not belong to my organization is displayed. How do I analyze this issue?


1 Reply

@Reninraj, export the alert to Excel; you will get more details about those source machines.

And see this guide for more details:

https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-exfiltration-alerts#suspicious...