This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RSA enVision® Discussions

Browse the RSA enVision discussion board to get product help and collaborate with other users of RSA enVision.
ScottPause
Beginner
Beginner
‎2012-02-24 04:48 PM

Example: Unapproved Internet DNS Queries

Attached is a correlation rule (the logic anyway) for alerting on internet bound DNS queries, which may be indicitive of malware or policy violation.

 

Keep in mind you may trigger lots of alerts initially.  Customize as you need.

 

Preview file
8 KB
0 Likes
Reply
0 Replies
© 2020 RSA Security LLC or its affiliates.
All rights reserved.