Splunk Enterprise Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

DNS query in threat intelligence of Enterprise Security

rossikwan
Path Finder
‎10-02-2019 01:23 AM

Hi,

Configured the proxy for retrieving threat intelligence in Enterprise Security and its succesfully retrieved those feed.

As the local Splunk server DNS query will be stopped for external Internet name query soon, I am in doubt that the retrival of the threat intelligence will be failed as the Enterprise Security can't have the DNS query results from the proxy server.

Will it need to keep the local Splunk server have the external DNS query in order to have the retrieving threat intelligence succesful?

0 Karma
Reply

harsmarvania57
Ultra Champion
‎10-02-2019 05:26 AM

Hi,

As you are downloading threat feed via proxy, it is not required for Splunk Server to have external DNS access, proxy will resolve those DNS queries and serve the request.

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | I’m short for "configuration file.” What am I?

May 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with a Special ...

New Articles from Academic Learning Partners, Help Expand Lantern’s Use Case Library, ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Your Guide to SPL2 at .conf24!

So, you’re headed to .conf24? You’re in for a good time. Las Vegas weather is just *chef’s kiss* beautiful in ...