
Failed DNS Zone Transfer

Severity: medium
Author: Zach Mathis
Source: upstream

Detects when a DNS zone transfer failed.

MITRE ATT&CK coverage

| Tactic | Techniques |
| --- | --- |
| Reconnaissance | T1590.002 Gather Victim Network Information: DNS |

Event coverage

| Provider | Event ID | Title |
| --- | --- | --- |
| DNS-Server-Service | 6004 | The DNS server received a zone transfer request from param1 for a non-existent or non-authoritative zone param2. |

Stages and Predicates

Stage 1: selection