Cloudflared Tunnels Related DNS Requests (a1d9eec5-33b2-4177-8d24-27fe754d0812)

Detects DNS requests to Cloudflared tunnel domains. Attackers can abuse this feature to establish a reverse shell or persistence on a machine.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Cloudflared Tunnels Related DNS Requests (a1d9eec5-33b2-4177-8d24-27fe754d0812) | Sigma-Rules | Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) | Attack Pattern | 1 |
| Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) | Attack Pattern | Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) | Attack Pattern | 2 |