Managing domain Allow list and Deny list

Use domain allow list to allow access to selected outside domains, and use domain deny list to block access to selected outside domains.

Procedure

  1. Click DNS Analyzer on the QRadar Console.
  2. Click Domain Filtering.
    Figure 1. QRadar DNS Analyzer Domain filtering page
    QRadar DNS Analyzer Domain filtering page
  3. In the Domain Filtering section, type a search string in Domain Filtering to dynamically search for your keywords.
  4. In the Allow list section, configure the following settings:
    Option Description

    Plus icon (+)

    Click to add a domain or a list of domains.
    1. Type a comma-separated list of domain names.
    2. Click Add or press the Enter key to apply changes.
    3. Click Cancel to cancel the operation.

    Sort

    Click to select the list arrangement method.
    • Sort by name ascending
    • Sort by name descending
    Check mark icon (✓)

    Click to select the entire list.

  5. In the Deny list section, configure the following settings:
    Option Description

    Plus icon (+)

    Click to add a domain or a list of domains.
    1. Type a comma-separated list of domain names.
    2. Click Add or press the Enter key to apply changes.
    3. Click Cancel to cancel the operation.

    Sort

    Click to select the list arrangement method.
    • Sort by name ascending
    • Sort by name descending
    Check mark icon (✓)

    Click to select the entire list.

  6. Optional: Click one of multiple domain names you want to delete, and then click Delete.