View a markdown version of this page

DnsThreatProtectionRuleTypeConfig - Amazon Route 53
ContentsSee Also
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

DnsThreatProtectionRuleTypeConfig

The configuration for a DNS threat protection rule type within the rule type framework.

Contents

ConfidenceThreshold

The confidence threshold for DNS Firewall Advanced. You must provide this value when you create or update a DNS Firewall Advanced rule. The confidence level values mean:

  • LOW: Provides the highest detection rate for threats, but also increases false positives.

  • MEDIUM: Provides a balance between detecting threats and false positives.

  • HIGH: Detects only the most well corroborated threats with a low rate of false positives.

Type: String

Valid Values: LOW | MEDIUM | HIGH

Required: Yes

Value

The type of DNS threat protection. Valid values are:

  • DGA: Domain generation algorithms detection. DGAs are used by attackers to generate a large number of domains to launch malware attacks.

  • DNS_TUNNELING: DNS tunneling detection. DNS tunneling is used by attackers to exfiltrate data from the client by using the DNS tunnel without making a network connection to the client.

  • DICT_DGA: Dictionary-based domain generation algorithms detection. Dictionary DGAs use wordlists to generate domains that appear more legitimate, making them harder to detect than traditional DGAs.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Required: Yes

See Also

For more information about using this API in one of the language-specific Amazon SDKs, see the following: