View DNS queries in ECAT
We need to find which processes or programs are doing DNS requests.
We tried to use ECAT and it shows only some system requests (svchost.exe and ntoskrnl.exe) using UDP 53.
We tried using wmi get process to check child processes, with no success.
ECAT also showed some modules with network access/too many connections. We are analysing these modules.
Is there a way that ECAT would help with this investigation?