infoblox_threat_defense:threat_insight

Differences

This shows you the differences between two versions of the page.

infoblox_threat_defense:threat_insight [2025/07/29 10:44] bstafford
infoblox_threat_defense:threat_insight [2026/01/21 09:17] (current) bstafford
Line 24: Line 24:
 Other: Other:
   * The name servers used for the domain is not reputable   * The name servers used for the domain is not reputable
 +
 +
 +Syslog of Hit (src = client that made the query to NIOS)
 +<code>src=10.10.20.20 spt=53198 view=_default qtype=A msg="rpz QNAME CNAME rewrite ws-zw9yt1viqsxqrc8ilpp06my7qoinq3kxphttfio969l15lqsvw.example.com [A] via ws-zw9yt1viqsxqrc8ilpp06my7qoinq3kxphttfio969l15lqsvw.example.com.threatinsightfeed.local" CAT=RPZ</code>
 +
 +A major differentiator between Threat Insight and Threat Insight in the Cloud is that Threat Insight in the Cloud, although slower due to the time spent transporting data to the cloud, blocking of malicious DNS traffic is more advanced and has a greater processing capability to deal with a wider range of threats. For example, it can protect against DGA and Fast Flux activity and deal with "lower and slower" exfiltration attempts, while Threat Insight on-premise is faster it can’t protect against Data Exfiltration, DNS Messenger, Fast Flux, DGA.
 +
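Review bot: The added closing paragraph states that Threat Insight on-premise "can't protect against Data Exfiltration", which reads as a contradiction directly under the added syslog sample, where a query from a NIOS client carrying a long encoded-looking label is rewritten via threatinsightfeed.local. Either say which product produced that hit, or narrow the claim; the same paragraph suggests the real gap is the "lower and slower" exfiltration attempts. The paragraph is also a run-on whose first clause never resolves ("Threat Insight in the Cloud, although slower ..., blocking of malicious DNS traffic is more advanced"); I would split it into one sentence per product, each giving the speed trade-off and the threat types covered. Fast Flux and DGA appear twice, once as things the cloud version handles and once as things on-premise does not, so a short two-row comparison would say it once. The syslog label explains only src; a word on what the "via ... .threatinsightfeed.local" suffix and CAT=RPZ indicate would let a reader recognise a Threat Insight hit in their own logs.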
infoblox_threat_defense/threat_insight.1753785887.txt.gz · Last modified: by bstafford