Re: Stop Logging DNS Reputation traffic

phoenix220820 · ‎2023-03-21

Is there a way to stop the Firewall Logging the DNS Reputations traffic.

We are using a SIEM System and we see alot of DNS Reputation traffic and was wondering if there is a way to stop the Firewall Logging this traffic between certain Source and Destination IP Addresses.

I have checked adding in a Exception in the Threat Prevention Policy but there is no option for DNS Reputation or DNS Trap.

We do not want to disable DNS Trap just stop logging the traffic between certain Source and Destination IP Addresses.

Chris_Atkinson · ‎2023-03-21

Have you explored the filtering options with Log Exporter, or are you using another method for output of the logs to your SIEM?

Refer sk122323

CCSM R77/R80/ELITE

phoenix220820 · ‎2023-03-21

We are wanting to stop logging this traffic on the Firewall, so we do not see these Logs in "Logs & Monitor"

the_rock · ‎2023-03-21

Is this what you might be looking for? I just picked random protection, but you get the idea...

Andy

phoenix220820 · ‎2023-03-22

Something like that or even adding an Exception in the Threat Prevention Policy.

phoenix220820 · ‎2023-03-24

Hi

Instead if there a way to disable DNS Trap between certain IP Addresses?

phoenix220820 · ‎2023-03-24

Is there a way to disable DNS Trap between certain IP Addresses?

Chris_Atkinson · ‎2023-03-24

Just to confirm you've configured DNS malware trap to be aware of your DNS servers so as to not flag those correct?

CCSM R77/R80/ELITE

Are you a member of CheckMates?

Stop Logging DNS Reputation traffic