Palo Alto Networks offers cybersecurity solutions that protect a business's data, applications, and users. The Cyences app includes a Palo Alto DNS Sinkhole alert that helps strengthen your network's security with the assistance of Palo Alto's next-generation firewalls. The Palo Alto DNS Sinkhole alert notifies Splunk users when outbound DNS traffic is redirected to Palo Alto's assigned IP address (18.104.22.168) so that it can be blocked and logged appropriately. This is a great tool for identifying infected hosts in your network.