DnsThreatProtectionRuleTypeConfig
The configuration for a DNS threat protection rule type within the rule type framework.
Contents
- ConfidenceThreshold
-
The confidence threshold for DNS Firewall Advanced. You must provide this value when you create or update a DNS Firewall Advanced rule. The confidence level values mean:
-
LOW: Provides the highest detection rate for threats, but also increases false positives. -
MEDIUM: Provides a balance between detecting threats and false positives. -
HIGH: Detects only the most well corroborated threats with a low rate of false positives.
Type: String
Valid Values:
LOW | MEDIUM | HIGHRequired: Yes
-
- Value
-
The type of DNS threat protection. Valid values are:
-
DGA: Domain generation algorithms detection. DGAs are used by attackers to generate a large number of domains to launch malware attacks. -
DNS_TUNNELING: DNS tunneling detection. DNS tunneling is used by attackers to exfiltrate data from the client by using the DNS tunnel without making a network connection to the client. -
DICT_DGA: Dictionary-based domain generation algorithms detection. Dictionary DGAs use wordlists to generate domains that appear more legitimate, making them harder to detect than traditional DGAs.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Required: Yes
-
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
