Introducing SOC Insights for BloxOne Threat Defense: Boost your SOC efficiency with AI-driven insights to eliminate manual work and accelerate investigation and response times. Read the blog announcement here.

Freeware & Evaluations

Reply

How can I see the malware activity on my network?

Guru
Posts: 26
2957     0
 

Once you have provisioned the

Not applicable
Posts: 5
2958     0

Once you have provisioned the vApp in your enviornment and spanned the switch port of your production DNS server to the DNS Firewall, it will start seeing the outgoing DNS queries from your network. If any of the queries registers a "hit" with the list of known bad domains (or IP addresses) tracked by the DNS firewall, you will see a corresponding RPZ log entry on the DNS firewall logs. Trace of the malware activity will also be captured by the reporting appliance. Over time (in a few hours or so) a report of the Top RPZ hits as well as Top Infected clients will be available to you when you log into the DNS firewall. 

Showing results for 
Search instead for 
Did you mean: 

Recommended for You