Solution by need

Find the Real Machine that Generates Malicious DNS Traffic

Problem

Client IP addresses change over time (DHCP leases expire, users move between networks), so an IP address on its own is not a reliable key for retroactive investigation. It has to be enriched with stable attributes: which machine and which user were behind that address at the time of the query. This gap can be closed in the SIEM by correlating the DNS log with the DHCP lease log and the Active Directory security (logon) log in a three-way correlation rule. However, collecting logs from these scattered sources and correlating them is not easy. Moreover, importing all of these logs directly into the SIEM raises the events-per-second (EPS) rate and the number of correlation rules, which drives up the cost of the product license.

DNSSense's Solution

DNSEye collects logs from many different brands and models of DNS server, such as Microsoft DNS, Infoblox, BIND, Bluecat, EfficientIP, F5 and Citrix, without requiring changes to your network topology. Its DNS Visibility Host Discovery feature identifies the real device and user behind each client IP address: from the DHCP log it determines which machine held the IP address at the time of the query, and from the Active Directory security log it determines which user was logged on from that IP address. The DNS log enriched with this information is made meaningful and forwarded to the SOC team. DNSSense performs this correlation automatically; it is enough to add these log sources to the system.
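The correlation described above can be illustrated with a small script. This is an added example, not DNSEye's or DNSSense's code: it assumes simplified, whitespace-separated exports of a DNS query log, a DHCP lease log and Active Directory logon events (event ID 4624), and the sample lines are constructed for the example. The point it makes is the one the Problem section raises: a lookup of who holds an IP address "now" attributes a morning query to the wrong laptop once the lease has changed hands, while a time-aware lookup against the lease interval and the logon events does not.

```python
"""Time-aware enrichment of DNS query logs with DHCP leases and AD logon events.

Illustrative example only (not DNSEye code). Log formats are simplified
stand-ins and all sample lines below are constructed, not captured data.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# --- Constructed sample logs -------------------------------------------------
# DNS query log: <timestamp> <client_ip> <qname> <qtype>
DNS_LOG = """\
2024-03-01T09:15:02 10.0.0.25 evil-c2.example A
2024-03-01T13:02:10 10.0.0.25 evil-c2.example A
2024-03-01T13:05:00 10.0.0.77 update.microsoft.com A
"""
# DHCP lease log: <lease_start> <lease_end> <ip> <mac> <hostname>
# Note the same IP is leased to two different machines on the same day.
DHCP_LOG = """\
2024-03-01T08:00:00 2024-03-01T12:00:00 10.0.0.25 aa:bb:cc:00:00:01 LAPTOP-ALICE
2024-03-01T12:30:00 2024-03-01T18:00:00 10.0.0.25 aa:bb:cc:00:00:02 LAPTOP-BOB
"""
# AD security log export: <timestamp> <event_id> <account> <source_ip>
AD_LOG = """\
2024-03-01T08:01:30 4624 alice 10.0.0.25
2024-03-01T12:31:00 4624 bob 10.0.0.25
2024-03-01T13:04:00 4624 carol 10.0.0.77
"""


@dataclass
class Lease:
    ip: str
    mac: str
    host: str
    start: datetime
    end: datetime


@dataclass
class Logon:
    ip: str
    user: str
    time: datetime


def parse_dhcp(text: str) -> list[Lease]:
    leases = []
    for line in text.splitlines():
        start, end, ip, mac, host = line.split()
        leases.append(Lease(ip, mac, host,
                            datetime.fromisoformat(start), datetime.fromisoformat(end)))
    return leases


def parse_ad(text: str) -> list[Logon]:
    logons = []
    for line in text.splitlines():
        ts, event_id, user, ip = line.split()
        if event_id == "4624":  # successful logon; other event IDs are ignored here
            logons.append(Logon(ip, user, datetime.fromisoformat(ts)))
    return logons


def lease_at(leases: list[Lease], ip: str, t: datetime) -> Optional[Lease]:
    """The lease that held `ip` at instant `t` (start inclusive, end exclusive)."""
    for lease in leases:
        if lease.ip == ip and lease.start <= t < lease.end:
            return lease
    return None


def current_lease(leases: list[Lease], ip: str) -> Optional[Lease]:
    """Naive lookup: the most recent holder of `ip`, ignoring when the query happened."""
    matching = [l for l in leases if l.ip == ip]
    return max(matching, key=lambda l: l.start) if matching else None


def user_at(logons: list[Logon], ip: str, t: datetime, not_before: datetime) -> Optional[str]:
    """Most recent successful logon from `ip` in the window [not_before, t]."""
    candidates = [l for l in logons if l.ip == ip and not_before <= l.time <= t]
    return max(candidates, key=lambda l: l.time).user if candidates else None


def enrich(dns_text: str, leases: list[Lease], logons: list[Logon]) -> list[dict]:
    """Attach host, MAC and user to each DNS query, as of the query's own timestamp."""
    records = []
    for line in dns_text.splitlines():
        ts, ip, qname, qtype = line.split()
        t = datetime.fromisoformat(ts)
        lease = lease_at(leases, ip, t)
        # Only trust logons that happened after the current lease started; without a
        # lease, fall back to a fixed look-back window (12 h is an assumed value).
        not_before = lease.start if lease else t - timedelta(hours=12)
        records.append({
            "time": ts, "client_ip": ip, "qname": qname, "qtype": qtype,
            "host": lease.host if lease else None,
            "mac": lease.mac if lease else None,
            "user": user_at(logons, ip, t, not_before),
        })
    return records


if __name__ == "__main__":
    for record in enrich(DNS_LOG, parse_dhcp(DHCP_LOG), parse_ad(AD_LOG)):
        print(record)
```

Run as-is and the 09:15 query to evil-c2.example resolves to LAPTOP-ALICE / alice, the 13:02 query from the same IP to LAPTOP-BOB / bob, and the query from 10.0.0.77 gets a user (carol) but no host because no lease covers it; `current_lease` would have blamed LAPTOP-BOB for both evil-c2.example queries. Bounding the logon search to the lease start is what stops a stale logon from a previous lease holder from being attached to the new machine.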