Use domain allow list to allow access to selected outside domains, and use domain
deny list to block access to selected outside domains.
Procedure
-
Click DNS Analyzer on the QRadar Console.
-
Click Domain Filtering.
Figure 1. QRadar DNS Analyzer Domain filtering page
- In the Domain Filtering section, type a search string in
Domain Filtering to dynamically search for your keywords.
- In the Allow list section, configure the following
settings:
Option |
Description |
Plus icon (+)
|
Click to add a domain or a list of domains.
- Type a comma-separated list of domain names.
- Click Add or press the Enter key to apply
changes.
- Click Cancel to cancel the operation.
|
Sort
|
Click to select the list arrangement method.
- Sort by name ascending
- Sort by name descending
|
Check mark icon (✓) |
Click to select the entire list.
|
- In the Deny list section, configure the following
settings:
Option |
Description |
Plus icon (+)
|
Click to add a domain or a list of domains.
- Type a comma-separated list of domain names.
- Click Add or press the Enter key to apply
changes.
- Click Cancel to cancel the operation.
|
Sort
|
Click to select the list arrangement method.
- Sort by name ascending
- Sort by name descending
|
Check mark icon (✓) |
Click to select the entire list.
|
- Optional: Click one of multiple domain names you want to delete, and then
click Delete.