[ brainbuger @ 17.08.2020. 15:07 ] @
Last night I accidentally ran a DNS query for ES and got an alert from the AWS GuardDuty service saying that it is a malicious site. Just reporting it so that the ES admins can take certain measures if needed.

Code:
updatedAt: 2020-08-17T04:01:31.047Z
domain: www.elitesecurity.org
type: Trojan:EC2/DropPoint!DNS
threatListName: ProofPoint
actio: dnsRequestAction
protocol: UDP
actionType: DNS_REQUEST
description: EC2 instance i-xxxxxxxxxxxxxx is querying a domain name of a remote host that is known to hold credentials and other stolen data captured by malware.