How can I see the malware activity on my network?
Answers
-
Once you have provisioned the vApp in your enviornment and spanned the switch port of your production DNS server to the DNS Firewall, it will start seeing the outgoing DNS queries from your network. If any of the queries registers a "hit" with the list of known bad domains (or IP addresses) tracked by the DNS firewall, you will see a corresponding RPZ log entry on the DNS firewall logs. Trace of the malware activity will also be captured by the reporting appliance. Over time (in a few hours or so) a report of the Top RPZ hits as well as Top Infected clients will be available to you when you log into the DNS firewall.
0
Categories
- All Categories
- 5.1K Forums
- 4.6K Critical Network Services
- 463 Security
- Visibility and Insights
- Ideas Portal
- Webinars & Events
- 266 Resources
- 266 News & Announcements
- Knowledge Base Articles
- Infoblox Documentation Portal
- Infoblox Blog
- Support Portal
- 4 Members Hub
- 4 Getting Started with Community
- Community Support