I am facing a strange issue that i cannot see the malicious domains showed in SLR report (under DNS security section) in my firewall threat logs. i can see DNS queries trying to resolve some other domains.
But the interesting thing is, once i try to create SLR using same dumb file but selecting another country while generating the SLR in portal, i can see another malicious domain access and this domain is available in threat logs.
I am wondering why different info just by selecting different countries while generating. Other informations are same.
Also is malware family is something SLR auto populates by considering the malware family these domains mostly use ?. Because the malware family info cannot be seen in threat logs
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!