Using Bro to detect DNS lookups in given timeframe

Does Bro have anything built-in for the following scenario:

  • Detecting if a network device is looking up over 50 DNS entries in a 1 hour timeframe

Samson Hille

IT Security Analyst