Skip to content

cis_2_1_24 — Defender for DNS not enabled

Summary

Severity: Medium · Pillar: Network · Chain role: ENABLER

Description

Defender for DNS detects suspicious DNS queries including communication with command-and-control servers, data exfiltration via DNS tunneling, and domain generation algorithms.

Mapping

Framework Control / Reference
NIST 800-53 SC-7
NIST 800-207
CIS Azure 2.1.24
MITRE ATT&CK Technique T1071
MITRE ATT&CK Tactic Command and Control
Zero-Trust Tenet
Framework tags cis-azure-2.0, nist-800-53

Source

Rule defined at policies/azure/cis/defender/cis_2_1_24.rego.

View on GitHub