Community
- Command Central
- MVP Program
- Monthly Mission
- Blogs
- Groups
- Events
- Media Vault
Products
- Observability
- Network Management
- Application Management
- IT Security
- IT Service Management
- System Management
- Database Management
Content Exchange
- SolarWinds Platform
- Server & Application Monitor
- Database Performance Analyzer
- Server Configuration Monitor
- Network Performance Monitor
- Network Configuration Manager
- SQL Sentry
- Web Help Desk
Free Tools & Trials

Is it possible to exclude specific NTA events from DNS resolution?

Hi all,

As per title really, basically we received an alert over a month ago now due to Solarwinds sending a Reverse DNS lookup for a known malware site.

This appears to have been triggered due to Solarwinds seeing traffic to the malware site, and since trying to periodically resolve it.

We have managed to clear the route of the issue, but as the event still lives in Solarwinds, it still periodically tries to resovle the IP, which then triggers the alert from the Firewall.

So my question is, can you select somewhere for an endpoint not to be resolved under Persistent DNS setup in NTA?

Thanks

Find more posts tagged with

Accepted answers

All comments

coupe2t

Anyone at all? These alerts are really getting annoying!

coupe2t

We've now this morning just had another trojan alert, so I am now worried that this is going to create the same DNS reverse lookups on a weekly basis for this alert. This problem could then continue to keep growing. Must be something I can do here to stop it, apart from removing the Solarwinds events, which I would rather not do as we would like to maintian our history etc.

cjfranca

You can to see in settings>nta settings> DNS resolutions , mabe have a possibility.

coupe2t

Yeah I had a look there but I couldn't see anything, short of changing the DNS to an option other than persistent, but I don't want to do that. Would just like to be able to add some exclusions.

Thanks though.