| Date | |
|---|---|
| Focus | Policy Engine and expanding our integrations to Splunk Enterprise, Splunk Phantom |
What’s New!
Policy Engine
- The objective of this feature is to provide a flexible interface to define policies for acceptable and unacceptable DNS traffic.
- Helps to automatically take the action to either “Allow” or “Block” given traffic, based on over two dozen criteria types (including, but not limited to, Domain, Open Ports, and IP Country).
- Flexible AND/OR logic can be applied to string criteria together.
- Implements automation to reduce the data that would otherwise require manual sifting, which in turn saves time.
Integrations
Splunk Enterprise
- EnforceDNS for Splunk allows a Splunk® Enterprise administrator to run Protect queries from an included dashboard, as well as through search commands.
Splunk Phantom
- EnforceDNS for SOAR/Phantom implements investigative actions that return the EnforceDNS Verdict for the given Indicators.
Bug
- A few domains were incorrectly blocked due to the host portion of FQDNs, particularly ones related to SSL certificates.
- Resolution: Tuning was performed to adjust to the incoming false positives, and this should no longer pose a problem.