×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
ctulumba
Engager
Member since: ‎06-26-2018
‎06-05-2020
Community Statistics
Posts 1
Solutions 0
Karma Given 0
Karma Received 1
Member Since ‎06-26-2018
Activity Feed
View All

Excessive DNS Queries - Whitelist?

by in Splunk Enterprise Security
‎06-26-2018 07:16 AM
1 Karma
‎06-26-2018 07:16 AM
1 Karma
Hi all - I'm working to do a lot of cleanup in Splunk ES to cut down on some of the noise. The one area I'm having a ton of excess noise come in is from Excessive DNS Queries. I'm wondering if there is a way to create a "whitelist" of host names where I can filter hostnames that I know are valid and heavily used in our organization - things like office365.com and business related services that are heavily used from being counted towards DNS activity? We're spending alot of time reviewing DNS logs and 99.9% of the time the queries are valid business case uses and not security related. ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma from
View All