Skill UI

This skill provides a comprehensive framework for detecting data exfiltration attempts that utilize DNS tunneling. It analyzes DNS logs for anomalies such as high Shannon entropy in subdomains, excessive query volume, abnormal query lengths, and misuse of TXT/CNAME records. It is ideal for SOC analysts and security engineers building advanced threat detection rules and performing threat hunting.