
Is there a way to force the Whois lookup to occur?

Question asked by jAMES HERBST on Sep 27, 2016
Latest reply on Sep 29, 2016 by Miha Mesojedec

I've had the Whois lookup service configured now for over a week and have yet to see it perform an actual lookup for Automated Threat Detection (CnC traffic). I've gone through all the troubleshooting steps found here: Alerting: Troubleshoot Automated Threat Detection, but I don't see any of the counters moving in the ESA Explorer View. The proxy is configured, the warm-up period has long been over, I have a whitelist set up, and so on.

 

Whois Service in Explorer View

 

Automated Threat Detection ESA Configurations

 

C2 Aggregate Rule is Enabled

 

 

Does anyone have any ideas?  I forgot to add that Live is configured and working.

 

 
