Introducing SOC Insights for BloxOne Threat Defense: Boost your SOC efficiency with AI-driven insights to eliminate manual work and accelerate investigation and response times. Read the blog announcement here.

BloxOne Threat Defense and Threat Intelligence

Reply

For RPZ policy actions, are there real life use examples for each?
BounniW
Authority
Posts: 18

‎07-23-2022 03:49 AM

1404     0

Hi;

 

For Block (NXDOMAIN), Block (NODATA) and Substitute (DOMAIN), where would you use each action and why?

 

Kindly

Wasfi

Labels:
Reply
0 Kudos

Re: For RPZ policy actions, are there real life use examples for each?
aralvidra02
Superuser
Posts: 105

‎08-12-2022 04:22 AM

1404     0

Hi,

 

In my opinion this is totally options and how you want to override the response.

 

in my use case any rpz rules hits will redirect to a landing page which contain information about why this domain is blocked but this is mostly for domain that usually access by user - category filter (like adult domain, gambling domain, phishing etc)

 

but for domain that categorized as malware or ransomware i will choose to use nxdomain or nodata because the domain is not intentionally query or access by the user, but mostly queried by malware in the background so we dont need redirect to landing page.

 

 

Reply
0 Kudos
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Recommended for You

Latest Annoucements

Infoblox Experts Community

You have reached the maximum number of topics allowed as a visitor. Please Login or Join the community to continue to read.

Join for free

TOPICS REMAINING

Register for unlimited browsing. Registration is FREE.

Join Community