IBM QRadar DNS Analyzer
The IBM QRadar DNS Analyzer application provides insights into your local DNS traffic by identifying malicious activity and allowing your security team to be able to detect Domain Generated Algorithm (DGA) or squatting domains that are being accessed from within your network. Utilising QNI flows or logs with domain information from other devices such as DNS servers (BIND), proxies, Apache webservers or other BIND compatible devices you will be able to detect and monitor outbound requests to malicious sites. With the DNS Analyzer dashboard and drill down capabilities, your team can identify DNS trends and investigate activity such as squatting attempts.
Download the QRadar DNS Analyzer Extension: