I see a blocked event due to "Threat Intelligence Feed" on the analytics tab. How can I find the specific DNS lookup that triggered that block without going one-by-one on the "log" tab?
4 replies
Calvin_Hobbes
yesterday
Have you tried exporting the logs to look through them? I don’t know if the export includes the block reason but maybe it does.
Jeronimo
17 hrs ago
I just did a download and you get a full list in ***.csv format. Use a filter to search the complete file for "blocked".
But I doubt you will find the "Threat Intelligence Feed" listed in the log; I couldn't find it in my logs.
Jeronimo
18 hrs ago
"Block domains known to spread malware, cause phishing attacks and host command-and-control servers using a mix of the most reputable feeds of attack information - all updated in real time."
I suspect this is completely automatic, but you could turn on the blocked DNS filter in the log tab and export that list, then use Notepad++ to read this log and look for these feeds.
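The export-and-filter approach suggested in the replies, as an added example that is not part of any post above: it scans every column of an exported CSV for the feed name, so it works without knowing which column (if any) holds the block reason, and falls back to listing all blocked domains when no reason is present. The column names and sample rows are constructed assumptions, not the service's real export schema.

```python
import csv
import io
from collections import Counter

FEED = "Threat Intelligence Feed"  # block reason shown on the analytics tab

# Constructed sample export; column names are assumptions, not a real schema.
SAMPLE = """timestamp,domain,query_type,status,reasons
2024-01-01T10:00:00Z,example.com,A,allowed,
2024-01-01T10:00:05Z,ads.example.net,A,blocked,Some Blocklist
2024-01-01T10:00:09Z,bad.example.org,A,blocked,Threat Intelligence Feed
2024-01-01T10:01:12Z,bad.example.org,AAAA,blocked,Threat Intelligence Feed
"""

def find_feed_blocks(csv_text, needle=FEED):
    """Return (rows mentioning needle, all blocked rows, columns where needle appeared)."""
    needle_l = needle.lower()
    matches, blocked, columns = [], [], Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        # Normalise cells; short rows yield None values, long rows a None key.
        cells = {k: (v or "").strip() for k, v in row.items() if k is not None}
        hit_cols = [k for k, v in cells.items() if needle_l in v.lower()]
        if hit_cols:
            matches.append(cells)
            columns.update(hit_cols)
        if any(v.lower() == "blocked" for v in cells.values()):
            blocked.append(cells)
    return matches, blocked, columns

def summarize(csv_text, domain_col="domain"):
    """Domains blocked by the feed, or all blocked domains if no reason is exported."""
    matches, blocked, columns = find_feed_blocks(csv_text)
    if not matches:
        # Export carries no block reason: narrow to blocked rows for manual review.
        rows, cols = blocked, []
    else:
        rows, cols = matches, sorted(columns)
    return {"reason_columns": cols,
            "domains": sorted({r.get(domain_col, "") for r in rows})}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

To run it on a real export, pass the file contents, for example `summarize(open(path, newline="").read())`, and set `domain_col` to whatever the export's domain column is called.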