Interpreting the DNS Threat Filter report
Freshman Member
Please help me understand what the following report means and how I can fix the problem. The client IP address in the report is the address of our internal domain controller DNS server. It is set as the primary DNS address on the client computers. Both the endpoints and the servers have endpoint-side antivirus. Where do I start? Should I look for malicious applications on internal computers?
All Replies
-
You can check the DNS Threat Filter information in SecuReporter.
Please go to SecuReporter > Analysis > Security Indicator > DNS Threat Filter, scroll down to DNS Threat Filter Hit Detail, and click the by Source IP tab, it display the Hits counters by Source IP, and if you click on the IP address, the page will display the complete information of the Source IP that encounter DNS Threat Filter.
0
Zyxel Employee
Categories
- All Categories
- 431 Beta Program
- 2.6K Nebula
- 168 Nebula Ideas
- 112 Nebula Status and Incidents
- 6K Security
- 366 USG FLEX H Series
- 293 Security Ideas
- 1.5K Switch
- 78 Switch Ideas
- 1.2K Wireless
- 42 Wireless Ideas
- 6.7K Consumer Product
- 265 Service & License
- 408 News and Release
- 87 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.9K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 83 Security Highlight
