Commit

Add references to rules (cisco_umbrella_dns_rules) (#1002)
akozlovets098 authored Dec 11, 2023
1 parent e83cade commit bb28242
Showing 3 changed files with 3 additions and 0 deletions.
1 change: 1 addition & 0 deletions rules/cisco_umbrella_dns_rules/domain_blocked.yml
Expand Up @@ -11,6 +11,7 @@ Tags:
Severity: Low
Description: Monitor blocked domains
Runbook: Inspect the blocked domain and lookup for malware
Reference: https://support.umbrella.com/hc/en-us/articles/230563627-How-to-determine-if-a-domain-or-resource-is-being-blocked-using-Chrome-Net-Internals
SummaryAttributes:
- action
- internalIp
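Review bot: the Reference line added after Runbook points to a support article on checking blocks with Chrome Net Internals, which is a client-side troubleshooting procedure and does not help an analyst carry out the Runbook step directly above it (inspect the blocked domain and look it up for malware). Consider linking instead to documentation that describes how a block is recorded in Umbrella DNS logs, so the reference explains the action value listed under SummaryAttributes.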
1 change: 1 addition & 0 deletions rules/cisco_umbrella_dns_rules/fuzzy_matching_domains.yml
Expand Up @@ -9,6 +9,7 @@ LogTypes:
Tags:
- Configuration Required
- DNS
Reference: https://umbrella.cisco.com/blog/abcs-of-dns
Severity: Medium
Description: Identify lookups to suspicious domains that could indicate a phishing attack.
Runbook: >
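Review bot: the Reference added after the Tags list is a general DNS primer (abcs-of-dns), while the Description is specifically about lookups that could indicate a phishing attack and the rule carries the Configuration Required tag. A reference that covers lookalike or phishing domains, or one that explains what has to be configured for this rule, would serve an analyst better than a DNS overview.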
1 change: 1 addition & 0 deletions rules/cisco_umbrella_dns_rules/suspicious_domains.yml
Expand Up @@ -9,6 +9,7 @@ LogTypes:
Tags:
- DNS
- Configuration Required
Reference: https://umbrella.cisco.com/blog/abcs-of-dns
Severity: Low
Description: Monitor suspicious or known malicious domains
Runbook: Inspect the domain and check the host for other indicators of compromise
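Review bot: Reference is inserted between Tags and Severity here, as in fuzzy_matching_domains.yml, but after Runbook in domain_blocked.yml; pick one position for the key so the rule files in this directory stay uniform. The URL is also identical to the one added to fuzzy_matching_domains.yml, so it adds nothing specific to the "suspicious or known malicious domains" case in this rule's Description.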