Hi all,I can't seem to find a good intrusion rule to detect DNSCAT2 tunneling traffic. I've set up a working DNSCAT2 tunnel, and copied all DNS traffic with a SPAN port to a passive interface on our FTD.Then created a dedicated rule with application ...