4 Replies Latest reply on Jan 21, 2014 7:55 AM by petersimmons

    HIPS Custom Signature to Catch DNS Requests to Malicious Domains

    epository

      We don't log DNS requests here.

      The DNS Blocking feature of Firewall is not logged centrally, but I really want to see machines trying to resolve .cn and .ru domains.

      Can this be set up in HIPS to record the URL or to at least pop on these events?

      I know there are HIPS rules you can configure for GET requests, but I want to catch beaconing malware, which is usually sending out beacons.

      Does anyone have any ideas?