Google Threat Intelligence - Threat Hunting Domain
Google Threat Intelligence domain correlation.
MITRE ATT&CK coverage
| Tactic | Techniques |
|---|---|
| Command & Control | T1071 Application Layer Protocol |
Event coverage
| Provider | Event ID | Title |
|---|---|---|
| Sysmon | 22 | DNSEvent (DNS query) |
Stages and Predicates
Stage 1: source
_Im_Dns
Stage 2: where
DnsQuery is_not_null