Are you absolutely sure your servers are using an internal DNS server?
Other DNS sources only tell half the story. With Corelight, you'll see everything on the wire whether it's going to your DNS server or some off-site DNS server. Learn how to leverage the correlated, comprehensive Corelight dns.log in Splunk to accelerate threat hunting.
In this short, technical video you'll:
Gain a deeper view into Corelight's dns.logs
Get DNS basics, including DNSSec, recursive queries, and TTL values
Learn to threat hunt and identify anomalous DNS activity with dns.logs
