Community
- Command Central
- MVP Program
- Monthly Mission
- Blogs
- Groups
- Events
- Media Vault
Products
- Observability
- Network Management
- Application Management
- IT Security
- IT Service Management
- System Management
- Database Management
Content Exchange
- SolarWinds Platform
- Server & Application Monitor
- Database Performance Analyzer
- Server Configuration Monitor
- Network Performance Monitor
- Network Configuration Manager
- SQL Sentry
- Web Help Desk
Free Tools & Trials
Store

suspicious DNS traffic rule

We have recently added checkpoint and the "suspicious DNS traffic" rule is triggering incidents. We have identified the DC as per the templates but are trying to decrease incidents.

Find more posts tagged with

suspicious dns

dns

Accepted answers

curtisi

2016-06-13 08_21_52-SolarWinds Log & Event Manager.png

All comments

curtisi

It sounds like you've already started modifying the Approved DNS Servers User Defined Group, so is there traffic in/out on port 53 to any other devices?

marcusmm8

yes i have setup all my DCs but i still see traffic in/out on port 53 ... thoughts?

curtisi

Go to nDepth, and do a search for TCPTrafficAudit.DestinationPort = 53 AND TCPTrafficAudit.DestinationMachine =/= Approved DNS Server UDG

What comes up?

marcusmm8

Can I use a connector group vs a UDG for approved DNS server?