Sinkholed domain
If I have Cortex XDR + Palo Alto NGFW and an internal DNS server, and a user queries a malicious domain that gets sinkholed, in XDR, should the alert show the DNS server as source and I have to pivot to find the endpoint, or should it be automatically tied to the actual endpoint that made the requ
ORIGINAL SOURCE →via Reddit r/cybersecurity