Class: Aws::Route53Resolver::Types::DnsThreatProtectionRuleTypeConfig

Inherits:

Struct

Object
Struct
Aws::Route53Resolver::Types::DnsThreatProtectionRuleTypeConfig

show all

Defined in:: gems/aws-sdk-route53resolver/lib/aws-sdk-route53resolver/types.rb

Overview

The configuration for a DNS threat protection rule type within the rule type framework.

Constant Summary collapse

SENSITIVE =

[]

Instance Attribute Summary collapse

#confidence_threshold ⇒ String
The confidence threshold for DNS Firewall Advanced.
#value ⇒ String
The type of DNS threat protection.

Instance Attribute Details

#confidence_threshold ⇒ `String`

The confidence threshold for DNS Firewall Advanced. You must provide this value when you create or update a DNS Firewall Advanced rule. The confidence level values mean:

LOW: Provides the highest detection rate for threats, but also increases false positives.
MEDIUM: Provides a balance between detecting threats and false positives.
HIGH: Detects only the most well corroborated threats with a low rate of false positives.

Returns:

(String)

# File 'gems/aws-sdk-route53resolver/lib/aws-sdk-route53resolver/types.rb', line 1739

class DnsThreatProtectionRuleTypeConfig < Struct.new(
  :value,
  :confidence_threshold)
  SENSITIVE = []
  include Aws::Structure
end

#value ⇒ `String`

The type of DNS threat protection. Valid values are:

DGA: Domain generation algorithms detection. DGAs are used by attackers to generate a large number of domains to launch malware attacks.
DNS_TUNNELING: DNS tunneling detection. DNS tunneling is used by attackers to exfiltrate data from the client by using the DNS tunnel without making a network connection to the client.
DICT_DGA: Dictionary-based domain generation algorithms detection. Dictionary DGAs use wordlists to generate domains that appear more legitimate, making them harder to detect than traditional DGAs.