Blason_R
Leader

Can we export DNS domains or hostnames from Threat prevention report to sinkhole?

Hi There,

I am seeing a lot of DNS requests being detected, hence I am wondering if we can export those domain names or hostnames in CSV format so that they can be sinkholed, or how I can put those queries in Prevent mode, since I am not seeing any policy for blocking DNS requests.

Thanks and Regards,

Blason R

CCSA,CCSE,CCCS
4 Replies
PhoneBoy
Admin

You can probably take the relevant log entries and export them with SmartView.

Write a script to pull out the domains and either:

0 Kudos
Blason_R
Leader

Nah, that is not happening. SmartLog in R80.x only allows exporting 50 entries, while SmartView does not give an option to filter the logs based on Protection.

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
PhoneBoy
Admin

In any case, we don't allow export of data directly from ThreatCloud.

SmartLog will allow export of more than 50 lines, you just have to make the logs visible first :)

Even so, you could probably take fw log output of the relevant log, "grep" for the data you want, then process it as above.

0 Kudos
Blason_R
Leader

Yes, that's what I need to do by using bash scripts!! Thanks for the help :)

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
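
The approach suggested in this thread (grep the relevant log output for the domains, then process it into a list for sinkholing), as an added example that is not from either poster or from Check Point. The sample log lines, the `dns_query` field name and the `key: value;` layout are constructed assumptions; substitute the field your own log output actually uses.

```shell
#!/usr/bin/env bash
# Added example: turn DNS detections in exported log text into a CSV
# of unique domains for a sinkhole list.
# ASSUMPTIONS (constructed, not taken from the thread): the field name
# "dns_query", the "key: value;" layout, and every sample line below.

sample_log() {
cat <<'EOF'
12:01:07 detect fw1 >eth1 src: 10.1.1.20; dst: 10.1.1.2; proto: udp; service: 53; dns_query: bad-domain.example.; protection: DNS sample;
12:01:09 detect fw1 >eth1 src: 10.1.1.21; dst: 10.1.1.2; proto: udp; service: 53; dns_query: Bad-Domain.example; protection: DNS sample;
12:02:15 detect fw1 >eth1 src: 10.1.1.20; dst: 10.1.1.2; proto: udp; service: 53; dns_query: c2.test.example; protection: DNS sample;
12:03:00 accept fw1 >eth1 src: 10.1.1.30; dst: 192.0.2.5; proto: tcp; service: 443;
12:04:11 detect fw1 >eth1 src: 10.1.1.22; dst: 10.1.1.2; proto: udp; service: 53; dns_query: not_a_host; protection: DNS sample;
EOF
}

# extract_domains FIELD
#   stdin : log lines
#   stdout: CSV "domain,hits", most frequently seen domain first
extract_domains() {
  field=$1
  # 1. pull out the value of FIELD (everything up to the next ';')
  # 2. lower-case it and drop a trailing root dot so duplicates collapse
  # 3. keep only values shaped like a hostname, so malformed or hostile
  #    field contents never reach the sinkhole list or the CSV
  # 4. count, sort by hit count, emit CSV
  grep -oE "(^|[; ])${field}: [^;]+" \
    | sed -E "s/^.*${field}: //" \
    | tr '[:upper:]' '[:lower:]' \
    | sed -E 's/\.$//' \
    | grep -E '^([a-z0-9_]([a-z0-9_-]{0,61}[a-z0-9_])?\.)+[a-z]{2,63}$' \
    | sort | uniq -c | sort -k1,1nr -k2,2 \
    | awk 'BEGIN { print "domain,hits" } { print $2 "," $1 }'
}

# Demo on the constructed sample; on a real system pipe the exported
# log text into extract_domains instead.
sample_log | extract_domains "${FIELD:-dns_query}"
```

Review the resulting list before loading it into a sinkhole: a detection on a shared or legitimate domain would otherwise be blackholed for every client.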
