Sunday Musing, DNS, Enrichment, HTTP, SMTP - Coggle Diagram
Sunday Musing
DNS
Attacks
CnC
DGA
Fast Flux / Double Fast Flux
DNS Recon
DNS Tunneling
Detection
Low Frequency Score
Newly Observed Domain
Newly Created Domains
High Vol. NXDOMAIN / TXT / DNS requests
Enrichment
Domain Stats
Frequency Score
Alexa Top 1m
Logging
Traditional
Windows DNS Debug
DNS Analytical Log
BIND Debug Logging
Network Extraction
Bro DNS
Protocol
Enrichment
Threat Feed
Collective Intelligence Framework
Critical Stack
Open Threat Exchange
GeoIP Lookup
ASN
Connection Type
DSL
Corporate
Cellular
DNS
Forward DNS
Reverse DNS
Alexa Top 1m
HTTP
Detection
GET / POST per source
scanning
botnet / C2
SQL injection
Status Codes
404 Not Found
200 OK
Very Long URL Length
User-agent
Enrichment
URL length
Frequency Scoring
Geo ASN
Log Sources
Outgoing
Web Proxy
IDS
Bro / PacketBeat / Suricata
Incoming
Webservers
nginx, apache, tomcat
WAF
Bro / PacketBeat / Suricata
SMTP
Inbound
IMAP (TCP/143)
POP3 (TCP/110)
External use of key employee names
Influx of emails
Domain Typosquatting
Outbound
SMTP (TCP/25)
Authorized Source Devices
Monitoring user-agents
SMTP Clipping levels