LoFP / legitimate dns queries and usage of put.io

Techniques

Sample rules

DNS Query To Put.io - DNS Client

• source: sigma
• technicques:

Description

Detects DNS queries for subdomains related to “Put.io” sharing website.

Detection logic

condition: selection
selection:
  EventID: 3008
  QueryName|contains:
  - api.put.io
  - upload.put.io