Hello,
I have configured my DC as suggested in the whitepapers (audit policy etc.).
The DNS server on the clients is set to the DC.
In LEM I have added DNS connectors (on the DC):
windows dns server audit log
windows dns traffic log
On the firewall I have a rule which allows traffic only through our security solution.
In this security solution I see blocked traffic to several "bad" sites with malware, mining and command & control traffic.
And now my problem: I can't find these sites in LEM. I also cannot find sites which I have opened myself. What have I forgotten to set?
Thanks for your help in advance
andy