I am trying to use AWS GuardDuty to block malicious domains which were being queried by some of the EC2 instances. During some research I found out that we can block only IP addresses by adding them to the Threat list, not domains. So, is there a similar way to blacklist domains too? If not, I would also like to know about any alternative ideas.
The domain for which we received the alert is not even registered. It looks something like this:
bpschrex***.co.in
On the internet, I came across a security blog which says that attackers intentionally use unregistered domains in their malware so that, if they get a hit, they can later register the domain and gain access for their benefit.
Posting the answer to my question:
"It is not possible to block domains till date in AWS with the help of the GuardDuty Threat list. Only IPs are allowed."