Analyzing DNS Traffic for Malicious Activity Using Open Source Logging Tools
DNS is the engine that makes the Internet work, converting recognizable names into IP addresses behind the scenes. Without DNS, the Internet as we know it would not exist. DNS tends to be a service that, once configured, is often ignored. In today's world of ongoing and evolving cyberattacks, DNS is often overlooked as a means of both detecting and mitigating network compromise. This talk will examine ways to analyze DNS traffic for signs of malicious activity, discuss ways to filter and secure DNS, and examine how DNS data can be used to quickly identify compromised devices. We will examine a variety of tools used to analyze and uncover some common DNS attacks and signs of network compromise, including NXLog, Logstash, Graylog, Kibana and Elasticsearch.