(Co-authored by Rob Mead (Microsoft Threat Intelligence Center), Kumar Ashutosh and Vithalprasad Gaitonde (Windows DNS Server))
Overview
DNS queries and responses are a key data source used by network defenders in support of incident response as well as intrusion discovery. If these transactions are collected for processing and analytics in a big data system, they can enable a number of valuable security analytic scenarios. An exercise to this end was conducted with Microsoft internal DNS systems...