0

I am trying to block malicious domains through AWS Guard Duty which were being queried by some of the EC2 instances. During some research I found out, We can block only IP addresses by adding them in Threat list not the domains. So, is there any same way for blacklisting domains too ? If not, I would also like to know about any alternative idea.

The domain for which we have received alert is not even registered. Its somewhat look like this.

bpschrex***.co.in

On internet, I came across a security blog which tells us that the attacker intentionally uses unregistered domains in their malwares so that if they got a hit, they will later register the domain and gain access for their benefit.

Improve this question

1 Answer 1

Reset to default
1

Posting the answer to my question:

"It is not possible to block domains till date in AWS with the help of the GuardDuty Threat list. Only IPs are allowed."

Improve this answer

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.