100250 event_type=ioc_dns_traffic A1-01 [PROD] DNS query to malicious domain (IOC traffic indicator) soc_prod,a1,ioc, T1071.004 100250 event_type=ioc_domain_match A1-02 [PROD] DNS IOC domain match from threat intelligence feed soc_prod,a1,ioc, T1568