Determine DGAs in cloud-dns and set to be enriched later
punisherVX opened this issue · 1 comments
punisherVX commented
With 9.0 cloud-dns on, the NGFW sends a LOT of DGAs that, while they could be of interest, use too many points and take too long to look up. This pushes back the primary and secondary known domains from being looked up and SFN/AF can never catch up.
The need is to classify these differently at ingest time and run against them only if the system runs out of primary and secondary known domains to run against.
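A minimal sketch of the tiering requested above, added as an example and not part of the original post or the project's code: events are tagged at ingest, and DGA entries are handed out only once the primary and secondary tiers are empty. The `category` and `known` field names, the per-lookup point cost and the sample events are assumptions.

```python
import heapq
from itertools import count

PRIMARY, SECONDARY, DGA = 0, 1, 2  # lower tier number drains first

def classify(event):
    # Assign a tier at ingest time. "category" and "known" are assumed
    # field names for this sketch, not the NGFW's or SFN's real schema.
    if event.get("category") == "dga":
        return DGA
    return PRIMARY if event.get("known") == "primary" else SECONDARY

class EnrichmentQueue:
    def __init__(self):
        self._heap = []
        self._seq = count()   # preserves arrival order within a tier
        self._seen = set()    # drop repeats so they cost no extra points

    def ingest(self, event):
        domain = event["domain"].lower().rstrip(".")
        if domain in self._seen:
            return False
        self._seen.add(domain)
        heapq.heappush(self._heap, (classify(event), next(self._seq), domain))
        return True

    def drain(self, points, cost=1):
        # Hand out lookups for one cycle without exceeding the point budget.
        # The heap orders by tier, so DGAs surface only when nothing else waits.
        batch = []
        while self._heap and points >= cost:
            tier, _, domain = heapq.heappop(self._heap)
            batch.append((tier, domain))
            points -= cost
        return batch

SAMPLE_EVENTS = [  # constructed sample events, not real log data
    {"domain": "xkqjz7f3a.example", "category": "dga"},
    {"domain": "malware-c2.example", "category": "c2", "known": "primary"},
    {"domain": "qpwo93nzm.example", "category": "dga"},
    {"domain": "phish.example", "category": "phishing", "known": "secondary"},
    {"domain": "XKQJZ7F3A.example.", "category": "dga"},  # repeat of the first
]

def demo(points):
    q = EnrichmentQueue()
    for e in SAMPLE_EVENTS:
        q.ingest(e)
    return q.drain(points)
```

With a budget of two points the DGA entries stay queued; they are reached only when budget is left over after the known domains.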