Active Blocked Domains
The Active Blocked Domains feature allows users to monitor and manage domains that are actively blocked due to suspicious or malicious activities. This feature is essential for preventing traffic from known harmful domains and enhancing overall network security.
Functional Overview
- Real-Time Monitoring – View all domains that are actively blocked based on detection rules or threat intelligence feeds.
- Automatic Blocking – Domains are automatically blocked once they are identified as malicious by the system or detection rules.
- Add Blocked Domain – Manually add a domain to the blocked list for monitoring and further action.
- Details View – See detailed information for each blocked domain, including associated activity, the reason for the block, and the time the block was applied.
- Export/Import – Export the list of blocked domains for further analysis or backup purposes, and import external lists of domains for monitoring.
- Truncate – Clear all entries from the blocked domain list at once when necessary.
Adding a New Active Blocked Domain
The Add Active Blocked Domain function allows users to manually add domains to the block list, preventing any communication or traffic from those domains. This action is typically taken when a domain is identified as malicious or suspicious.
- Example scenario: a network administrator finds that a domain, malicious-example.com, has been linked to several suspicious activities, such as malware distribution and phishing attacks. To prevent further communication with this domain, the administrator wants to add malicious-example.com to the list of blocked domains.
Steps to Add a New Active Blocked Domain:
- From the main menu, navigate to Administration > Active Blocked Domains.
- In the Active Blocked Domains interface, click the Add button to begin adding the domain.
- In the Value field, type malicious-example.com. This is the domain that will be blocked, preventing any communication with it across the network.
- Set the Expires parameter to specify how long this domain should remain blocked (e.g., Expires in 30 days).
- Choose the list that this domain will be added to, like Default Block List or Custom Block List. This helps categorize the blocked domains.
- In the Comment field, provide additional context, such as “Domain flagged for phishing activity.” This will help the team understand why the domain was blocked.
- Once all fields are filled, click Save to apply the changes. The domain malicious-example.com will now be listed under Active Blocked Domains and communication with it will be blocked.
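
The Value, Expires, list and Comment fields from the steps above can be checked in bulk before entries are typed in or imported. The Python sketch below is an added example, not part of the product or its documentation: it normalizes candidate domains, rejects values that are not valid domains, and refuses entries under the organization's own domains. The record layout, function names and protected-domain list are assumptions; the product's import format is not described on this page.

```python
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

# One DNS label: 1-63 chars of a-z, 0-9 or hyphen, no leading/trailing hyphen.
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def normalize_domain(raw):
    """Return a lowercase ASCII hostname, or None if raw is not a usable domain."""
    text = raw.strip().lower().replace("[.]", ".")  # undo "[.]" defanging
    try:
        # Accept a pasted URL or a bare host; keep only the hostname part.
        text = (urlsplit(text).hostname or "") if "://" in text else text.split("/")[0]
        text = text.rstrip(".").encode("idna").decode("ascii")  # IDN -> punycode
    except ValueError:  # malformed URL or label (UnicodeError is a ValueError)
        return None
    labels = text.split(".")
    if len(labels) < 2 or len(text) > 253 or labels[-1].isdigit():
        return None  # single label / bare TLD is too broad; digits mean an IP
    return text if all(LABEL.match(label) for label in labels) else None

def build_entries(candidates, list_name, comment, days, protected=()):
    """Return (entries, rejected); entry keys mirror the Add form's fields."""
    expires = (datetime.now(timezone.utc) + timedelta(days=days)).date().isoformat()
    entries, rejected, seen = [], [], set()
    for raw in candidates:
        domain = normalize_domain(raw)
        if domain is None:
            rejected.append((raw, "not a valid domain"))
        elif any(domain == p or domain.endswith("." + p) for p in protected):
            rejected.append((raw, "protected domain"))  # avoid blocking ourselves
        elif domain not in seen:  # drop duplicates after normalization
            seen.add(domain)
            entries.append({"Value": domain, "Expires": expires,
                            "List": list_name, "Comment": comment})
    return entries, rejected

# Constructed sample input (not real indicators).
SAMPLE = ["malicious-example.com", "hxxp://Malicious-Example[.]com/login",
          "bücher.example", "com", "192.0.2.10", "mail.corp.example"]

if __name__ == "__main__":
    ok, bad = build_entries(SAMPLE, "Custom Block List",
                            "Domain flagged for phishing activity.", 30,
                            protected=("corp.example",))
    for entry in ok:
        print(entry)
    for raw, reason in bad:
        print("rejected:", raw, "-", reason)
```

Rejected values are returned with a reason rather than silently dropped, so an analyst can review them before the remaining entries are added.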