Table explanation
- _time: The timestamp
- Process: The process name
- Host: The host name
- Request: The DNS request
- Responses: The DNS response(s)
- Response types: The DNS response type(s)
- > 52 chars: Tests whether the DNS host name contains more than 52 chars
- > 27 unique chars: Tests whether the DNS host name contains more than 27 unique chars
- No/empty response: Tests whether the response is either not available or empty (e.g., SOA)
- TXT record: Tests for the uncommon response type TXT
- High entropy: Tests the DNS request for high entropy based on Shannon entropy
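
The five test columns, computed over DNS events in Python. This is an added example, not code from the original page or the dashboard it describes. The event dict layout, the entropy cut-off of 4.0 bits per character, and treating an SOA-only reply as empty are assumptions, and the sample events are constructed.

```python
import math
from collections import Counter

ENTROPY_THRESHOLD = 4.0  # bits/char; assumed, the page gives no cut-off

def shannon_entropy(s):
    """Shannon entropy of a string, in bits per character."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def score_event(event):
    """Compute the five test columns for one DNS event (hypothetical dict layout)."""
    name = event["request"]
    responses = [r for r in event.get("responses", []) if r]
    types = {t.upper() for t in event.get("response_types", [])}
    return {
        "> 52 chars": len(name) > 52,
        "> 27 unique chars": len(set(name)) > 27,
        # Assumption: a reply carrying only an SOA record counts as empty.
        "No/empty response": not responses or types == {"SOA"},
        "TXT record": "TXT" in types,
        "High entropy": shannon_entropy(name) > ENTROPY_THRESHOLD,
    }

# Constructed sample events; names and addresses use reserved documentation ranges.
EVENTS = [
    {"request": "www.example.com", "responses": ["192.0.2.10"], "response_types": ["A"]},
    {"request": "intranet.example.org", "responses": [], "response_types": []},
    {"request": "a1b2c3d4e5f6g7h8i9j0klmnopqrstuvwxyz.q7w8e9r0t1y2u3i4o5p6.t.example.net",
     "responses": ["v=1"], "response_types": ["TXT"]},
]

def hits(event):
    """Names of the test columns that fired for this event."""
    return [col for col, fired in score_event(event).items() if fired]

if __name__ == "__main__":
    for ev in EVENTS:
        print(f"{ev['request'][:40]:<40} {hits(ev)}")
```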