Can we export DNS domains or hostnames from Threat prevention report to sinkhole?
Hi There,
I am seeing a lot of DNS requests being detected, hence wondering if we can export those domain names or hostnames in CSV format so that they can be sinkholed, or how I can put those queries in Prevent mode, since I am not seeing any policy for blocking DNS requests.
Thanks and Regards,
Blason R
Blason R
CCSA,CCSE,CCCS
You can probably take the relevant log entries and export them with SmartView.
Write a script to pull out the domains and either:
- Add them to your Threat Prevention profile via the APIs
- Create a custom feed that your gateways import with this data, e.g. What is "Custom Intelligence Feeds" feature?
Nah, that is not happening. SmartLog in R80.x only allows exporting 50 entries, while SmartView does not give an option to filter the logs based on Protection.
Blason R
CCSA,CCSE,CCCS
In any case, we don't allow export of data directly from ThreatCloud.
SmartLog will allow export of more than 50 lines; you just have to make the logs visible first.
Even so, you could probably take fw log output of the relevant log, "grep" for the data you want, then process it as above.
Yes, that's what I need to do by using bash scripts!! Thanks for the help.
Blason R
CCSA,CCSE,CCCS
