Interpreting the DNS Threat Filter report

InCash Posts: 3  Freshman Member

Please help me understand what the following report means and how I can fix the problem. The client IP address in the report is the address of our internal domain controller DNS server. It is set as the primary DNS address on the client computers. Both the endpoints and the servers have endpoint-side antivirus. Where do I start? Should I look for malicious applications on internal computers?

All Replies

  • Zyxel_James
    Zyxel_James Posts: 788  Zyxel Employee

    You can check the DNS Threat Filter information in SecuReporter.
    Please go to SecuReporter > Analysis > Security Indicator > DNS Threat Filter, scroll down to DNS Threat Filter Hit Detail, and click the "by Source IP" tab. It displays the hit counters by source IP, and if you click on an IP address, the page will display the complete information for the source IP that encountered the DNS Threat Filter.

  • InCash
    InCash Posts: 3  Freshman Member

    Dear James, so I can really see the problem in more detail, but I still don't know what to do to fix it. I already knew from which IP address and where the requests were going, but there is no malicious application on the source computer. I have checked with several business endpoint protection software products. Where do I look for the source of the problem?
