Introducing SOC Insights for BloxOne Threat Defense: Boost your SOC efficiency with AI-driven insights to eliminate manual work and accelerate investigation and response times. Read the blog announcement here.

BloxOne Threat Defense and Threat Intelligence



New Member
Posts: 1
1258     0

i added a suspicious domain to a local block list RPZ  on my local DNS. However, my local DNS is forwarding quries to the CSP, when i check  CSP, istill see that blocked domain in the logs, even though it's supposed to be blocked on my on-premises DNS. i am wondering why the CSP is receiving the query for that domain if it's blocked.

Re: Local RPZ VS CSP

Posts: 23
1259     0

Can you validate your RPZ setting is not in log-only mode?


Also are you using NIOS Grid Connector (NGC) to forward logs?

Showing results for 
Search instead for 
Did you mean: 

Recommended for You