06-10-2018 06:08 PM
kindly i need support to find out how to show original client IP address sending malware activity in cisco firepower instead of showing IP address of Infoblox DNS
06-12-2018 02:57 PM
Can you please elaborate on your question as it is hard to figure out what information you are trying to display in Firepower?
If you want to know the source IP of a DNS request that gets flagged because it goes to a known malicious IP or domains then Firerpower will need to modified to understand EDNS client subnet data. This data contains information about the client that makes the query. Unlike regular DNS which only has the source IP of the last hop. Infoblox supports EDNS client subnet data on NIOS 8.1 and later.
06-13-2018 06:35 PM
i want to know the source IP of a DNS request that gets flagged because it goes to a known malicious IP or domains.
The information contained in this e-mail, and any attachment, is confidential and is intended solely for the use of the intended recipient. Access, copying or re-use of the e-mail or any attachment, or any information contained therein, by any other person is not authorized. If you are not the intended recipient please return the e-mail to the sender and delete it from your computer. Thank you for your cooperation.