Chart explanation
- Chart purpose
- Microsoft Window's
nslookup.exe
can be abused to exfiltrate data through DNS. The chart helps to identify the exfiltration by listing its parent processes and the command-line.
Click on an entity to get a drilldown.
- Tag
- uberAgent's TDE comes with a rule to identify the above. The rule's tag is the default for the chart filter.
You may customize the existing rule or create your own. If you do the latter, you can specify your rule's tag as the chart filter.