Blason_R
Copper

Can we export DNS domains or hostnames from Threat prevention report to sinkhole?

Hi There,

I am seeing a lot of DNS requests being detected, hence wondering if we can export those domain names or hostnames in CSV format so that they can be sinkholed, or how I can put those queries in Prevent mode, since I am not seeing any policy for blocking DNS requests.

Thanks and Regards,

Blason R

4 Replies
Admin
Admin

Re: Can we export DNS domains or hostnames from Threat prevention report to sinkhole?

You can probably take the relevant log entries and export them with SmartView.

Write a script to pull out the domains and either:

0 Kudos
Blason_R
Copper

Re: Can we export DNS domains or hostnames from Threat prevention report to sinkhole?

Nah, that is not happening. SmartLog in R80.x only allows exporting 50 entries, while SmartView does not give an option to filter the logs based on Protection.

0 Kudos
Admin
Admin

Re: Can we export DNS domains or hostnames from Threat prevention report to sinkhole?

In any case, we don't allow export of data directly from ThreatCloud.

SmartLog will allow export of more than 50 lines; you just have to make the logs visible first.

Even so, you could probably take fw log output of the relevant log, "grep" for the data you want, then process it as above.

0 Kudos
Blason_R
Copper

Re: Can we export DNS domains or hostnames from Threat prevention report to sinkhole?

Yes, that's what I need to do by using bash scripts!! Thanks for the help.
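
Added example (not part of the thread and not Check Point code): the export-then-script approach discussed above, as a POSIX shell script that pulls queried names out of an exported CSV and writes hosts-style sinkhole entries. It assumes a header row and no embedded commas in fields; the column name `dns_query`, the sample rows, and the sinkhole address `192.0.2.53` are constructed placeholders.

```shell
#!/bin/sh
# Added example: build a sinkhole list from an exported log CSV.
# Assumptions (not from the thread): header row present, no commas inside
# fields, and the queried name sits in a column you name on the command line.

# extract_domains COLUMN  (CSV on stdin) -> unique, normalised hostnames
extract_domains() {
    awk -F',' -v col="$1" '
        function unquote(s) { sub(/^[ \t]*"?/, "", s); sub(/"?[ \t\r]*$/, "", s); return s }
        NR == 1 {
            for (i = 1; i <= NF; i++) if (unquote($i) == col) idx = i
            if (!idx) { print "column not found: " col > "/dev/stderr"; exit 2 }
            next
        }
        {
            d = tolower(unquote($idx))
            sub(/\.$/, "", d)                              # drop trailing root dot
            if (length(d) > 253) next                      # longer than a DNS name can be
            if (d !~ /^[a-z0-9_-]+(\.[a-z0-9_-]+)+$/) next # not hostname-shaped
            if (d ~ /\.[0-9]+$/) next                      # numeric last label: an IP, not a name
            if (!seen[d]++) print d
        }
    '
}

# to_hosts SINKHOLE_IP  (hostnames on stdin) -> sorted hosts-file lines
to_hosts() {
    sort -u | awk -v ip="$1" '{ print ip, $0 }'
}

# Constructed sample export; "dns_query" is a made-up column name.
sample_csv() {
cat <<'EOF'
time,src,dns_query,action
"2024-01-01T10:00:00","10.1.1.5","Bad-Host.example.net.","Detect"
2024-01-01T10:00:05,10.1.1.6,bad-host.example.net,Detect
2024-01-01T10:00:09,10.1.1.7,c2.example.org,Detect
2024-01-01T10:00:12,10.1.1.5,192.0.2.10,Detect
2024-01-01T10:00:20,10.1.1.8,not a domain,Detect
EOF
}

# 192.0.2.53 is a documentation-range placeholder for the sinkhole address.
sample_csv | extract_domains dns_query | to_hosts 192.0.2.53
```

Review the resulting list before loading it anywhere: a Detect-mode log can include names you do not want to sinkhole.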