RecordedFuture Threat Hunting Domain All Actors
Recorded Future Threat Hunting domain correlation for all actors.
MITRE ATT&CK coverage
| Tactic | Techniques |
|---|---|
| Initial Access | T1566 Phishing |
| Command & Control | T1568 Dynamic Resolution |
Event coverage
| Provider | Event ID | Title |
|---|---|---|
| Sysmon | 22 | DNSEvent (DNS query) |
Stages and Predicates
Stage 1: source
_Im_Dns
Stage 2: where
Domain is_not_null