Hurence / logisland

Scalable stream processing platform for advanced realtime analytics on top of Kafka and Spark. LogIsland also supports MQTT and Kafka Streams (Flink being in the roadmap). The platform does complex event processing and is suitable for time series analysis. A large set of valuable ready to use processors, data sources and sinks are available.
https://logisland.github.io

detect DNS tunneling processor #118

Open oalam opened 7 years ago

oalam commented 7 years ago

https://www.sans.org/reading-room/whitepapers/malicious/splunk-detect-dns-tunneling-37022

DNS tunneling is a method to bypass security controls and exfiltrate data from a targeted organization. Choose any endpoint on your organization’s network and, using nslookup, perform an A record lookup for www.sans.org. If it resolves with the site’s IP address, that endpoint is susceptible to DNS tunneling. Logging DNS transactions from different sources such as network taps and the DNS servers themselves can generate large volumes of data to investigate. Using Splunk can help ingest the large volume of log data and mine the information to determine what malicious actors may be using DNS tunneling techniques on the target organization’s network. This paper will guide the reader in building a lab network to test and understand different DNS tunneling tools, then use Splunk and Splunk Stream to collect the data and detect the DNS tunneling techniques. The reader will be able to apply what they learn to any enterprise network.

mathieu-rossignol commented 6 years ago

https://github.com/elastic/examples/tree/master/Security%20Analytics/dns_tunnel_detection
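As an added illustration of the kind of detection logic such a processor would need (this is not LogIsland code and not taken from either linked resource), the script below aggregates DNS query logs per registered domain and flags domains whose subdomains look like encoded payload: many distinct subdomains that are long and high-entropy on average. The log lines, domain names and thresholds are constructed assumptions for the example.

```python
import math
from collections import defaultdict

# Constructed sample DNS query log, not real traffic: "<client_ip> <qname> <qtype>" per line.
# The 32-hex-character labels stand in for encoded payload chunks (each hex digit twice).
SAMPLE_LOG = """\
10.0.0.5 www.sans.org A
10.0.0.5 mail.example.com MX
10.0.0.7 0123456789abcdeffedcba9876543210.exfil-example.net TXT
10.0.0.7 0123456789abcdef89abcdef01234567.exfil-example.net TXT
10.0.0.7 456789abcdef0123cdef0123456789ab.exfil-example.net TXT
10.0.0.9 cdn.example.com A
"""

def shannon_entropy(text):
    """Bits per character; encoded payload chunks score far higher than dictionary words."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def split_qname(qname):
    """Return (subdomain, registered domain). Simplification (assumption): the registered
    domain is the last two labels; production code would consult a public-suffix list."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) <= 2:
        return "", ".".join(labels)
    return ".".join(labels[:-2]), ".".join(labels[-2:])

def score_dns_log(log_text, min_unique=3, min_len=30.0, min_entropy=3.5):
    """Per registered domain: unique subdomain count, mean subdomain length and mean entropy.
    A domain is 'suspicious' when all three exceed the (illustrative, untuned) thresholds."""
    per_domain = defaultdict(lambda: {"subdomains": set(), "queries": 0, "txt": 0})
    for line in log_text.splitlines():
        _client, qname, qtype = line.split()
        sub, domain = split_qname(qname)
        stats = per_domain[domain]
        stats["queries"] += 1
        stats["txt"] += 1 if qtype == "TXT" else 0  # TXT volume is a useful side indicator
        if sub:
            stats["subdomains"].add(sub)
    report = {}
    for domain, stats in per_domain.items():
        subs = sorted(stats["subdomains"])
        avg_len = sum(len(s) for s in subs) / len(subs) if subs else 0.0
        avg_ent = sum(shannon_entropy(s.replace(".", "")) for s in subs) / len(subs) if subs else 0.0
        report[domain] = {"queries": stats["queries"], "txt_queries": stats["txt"],
                          "unique_subdomains": len(subs), "avg_len": avg_len, "avg_entropy": avg_ent,
                          "suspicious": len(subs) >= min_unique and avg_len >= min_len and avg_ent >= min_entropy}
    return report
```

Legitimate CDNs and some anti-spam services also generate many long subdomains, so in practice the per-domain thresholds need an allowlist and tuning against the organization's baseline traffic.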