amazon-web-servicescloudcloud-securityamazon-guardduty

Is it possible to block malicious domains in AWS by adding them in Threat List?


I am trying to block malicious domains through AWS Guard Duty which were being queried by some of the EC2 instances. During some research I found out, We can block only IP addresses by adding them in Threat list not the domains. So, is there any same way for blacklisting domains too ? If not, I would also like to know about any alternative idea.

The domain for which we have received alert is not even registered. Its somewhat look like this.

bpschrex***.co.in

On internet, I came across a security blog which tells us that the attacker intentionally uses unregistered domains in their malwares so that if they got a hit, they will later register the domain and gain access for their benefit.


Solution

  • Posting the answer to my question:

    "It is not possible to block domains till date in AWS with the help of the GuardDuty Threat list. Only IPs are allowed."