IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
Potential DGA Activity
A population analysis machine learning job detected potential DGA (domain generation algorithm) activity. Such activity is commonly associated with malware command and control (C2) channels. The job looks for a source IP address whose DNS requests have, in aggregate, a high probability of being DGA activity.
Rule type: machine_learning
Rule indices: None
Severity: low
Risk score: 21
Runs every: 15m
Searches indices from: now-45m (Date Math format, see also Additional look-back time)
Maximum alerts per execution: 100
References:
Tags:
- Use Case: Domain Generation Algorithm Detection
- Rule Type: ML
- Rule Type: Machine Learning
- Tactic: Command and Control
Version: 1
Rule authors:
- Elastic
Rule license: Elastic License v2
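As an added illustration (not Elastic's code and not the rule's actual model), the following shows the per-source-IP aggregation the rule describes, with a simple entropy and character-ratio heuristic standing in for the machine learning model's per-query DGA probability. The sample DNS records, scoring weights, threshold and minimum query count are constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed sample DNS query records (not real telemetry): source IP and queried domain.
SAMPLE_DNS_LOGS = [
    {"source_ip": "10.0.0.5", "domain": "www.example.com"},
    {"source_ip": "10.0.0.5", "domain": "mail.example.org"},
    {"source_ip": "10.0.0.9", "domain": "xk3hq8vz2p1m.net"},
    {"source_ip": "10.0.0.9", "domain": "q7v2lz9kpd4w.com"},
    {"source_ip": "10.0.0.9", "domain": "b8n1xr6tq0fs.org"},
    {"source_ip": "10.0.0.9", "domain": "example.com"},
]

def registered_label(domain):
    """Label left of the top-level domain (naive: assumes a single-label TLD)."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def shannon_entropy(text):
    """Bits of entropy per character; random-looking labels score higher."""
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())

def dga_probability(domain):
    """Heuristic stand-in for the ML model's per-query DGA probability, in [0, 1].
    The weights are illustrative assumptions, not values taken from the rule."""
    label = registered_label(domain)
    if len(label) < 7:  # short labels carry too little signal to score
        return 0.0
    entropy_term = min(shannon_entropy(label) / 4.0, 1.0) * 0.6
    digit_ratio = sum(ch.isdigit() for ch in label) / len(label)
    vowel_ratio = sum(ch in "aeiou" for ch in label) / len(label)
    score = entropy_term + digit_ratio * 0.3 + (0.1 if vowel_ratio < 0.2 else 0.0)
    return min(score, 1.0)

def aggregate_by_source(records, threshold=0.5, min_queries=2):
    """Population view: mean DGA probability of each source IP's DNS requests.
    A source is flagged when it has at least min_queries requests whose mean
    probability reaches threshold (both values are illustrative assumptions)."""
    per_ip = defaultdict(list)
    for rec in records:
        per_ip[rec["source_ip"]].append(dga_probability(rec["domain"]))
    result = {}
    for ip, probs in per_ip.items():
        mean = sum(probs) / len(probs)
        result[ip] = {
            "queries": len(probs),
            "mean_probability": round(mean, 3),
            "flagged": len(probs) >= min_queries and mean >= threshold,
        }
    return result
```

Running `aggregate_by_source(SAMPLE_DNS_LOGS)` flags 10.0.0.9 (four queries, three of them random-looking) and leaves 10.0.0.5 unflagged; in production the per-query probability would come from the trained model rather than this heuristic.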
Investigation guide
Framework: MITRE ATT&CK™
- Tactic:
  - Name: Command and Control
  - ID: TA0011
  - Reference URL: https://attack.mitre.org/tactics/TA0011/
- Technique:
  - Name: Dynamic Resolution
  - ID: T1568
  - Reference URL: https://attack.mitre.org/techniques/T1568/