show original client IP address not IP of infoblox in cisco firepower

elbeshti
Techie

Hi,

Kindly, I need support to find out how to show the original client IP address sending malware activity in Cisco Firepower instead of showing the IP address of the Infoblox DNS.

Re: show original client IP address not IP of infoblox in cisco firepower

Ingmar
Community Manager

Hi,

 

Can you please elaborate on your question as it is hard to figure out what information you are trying to display in Firepower?

 

If you want to know the source IP of a DNS request that gets flagged because it goes to a known malicious IP or domains, then Firepower will need to be modified to understand EDNS client subnet data. This data contains information about the client that makes the query, unlike regular DNS, which only has the source IP of the last hop. Infoblox supports EDNS client subnet data on NIOS 8.1 and later.
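
As an added illustration of the EDNS client subnet data mentioned in the reply above (not part of the original post, and not Infoblox or Cisco code): the option travels in the OPT record of a forwarded query as option code 8 (RFC 7871), and a sensor that parses it can attribute the query to the client network instead of the forwarder. The function names and the sample query below are constructed for this example.

```python
import ipaddress
import struct

ECS_OPTION_CODE = 8   # EDNS Client Subnet option (RFC 7871)
OPT_RR_TYPE = 41      # EDNS0 OPT pseudo-record


def skip_name(msg, off):
    """Return the offset just past a DNS name (labels or compression pointer)."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:   # a 2-byte pointer terminates the name
            return off + 2
        off += 1 + msg[off]
    return off + 1


def client_subnet(msg):
    """Return the ECS client network carried in a DNS message, or None."""
    qd, an, ns, ar = struct.unpack("!4H", msg[4:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4            # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata = msg[off + 10:off + 10 + rdlen]
        off += 10 + rdlen
        pos = 0
        while rtype == OPT_RR_TYPE and pos + 4 <= len(rdata):
            code, olen = struct.unpack("!HH", rdata[pos:pos + 4])
            opt = rdata[pos + 4:pos + 4 + olen]
            pos += 4 + olen
            if code != ECS_OPTION_CODE or olen < 4:
                continue
            family, src_len, _scope = struct.unpack("!HBB", opt[:4])
            if family not in (1, 2):             # 1 = IPv4, 2 = IPv6
                return None
            size, net = (4, ipaddress.IPv4Network) if family == 1 else (16, ipaddress.IPv6Network)
            addr = opt[4:].ljust(size, b"\0")[:size]   # address is sent truncated to the prefix
            return net((addr, src_len), strict=False)
    return None


# Constructed sample: query for example.com A with ECS 192.0.2.0/24 (documentation range)
ECS = struct.pack("!HHHBB", ECS_OPTION_CODE, 7, 1, 24, 0) + bytes([192, 0, 2])
SAMPLE_QUERY = (
    struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 1)          # header: 1 question, 1 additional
    + b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)  # question section
    + b"\x00" + struct.pack("!HHIH", OPT_RR_TYPE, 4096, 0, len(ECS)) + ECS  # OPT RR
)

if __name__ == "__main__":
    print(client_subnet(SAMPLE_QUERY))
```

The option carries an address prefix of the length the forwarder chooses to send, so the result is a network such as 192.0.2.0/24, and a query without the option returns None.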

 

 

Re: show original client IP address not IP of infoblox in cisco firepower

elbeshti
Techie
Hi,

I want to know the source IP of a DNS request that gets flagged because it goes to a known malicious IP or domains.




