Create a DNS threat detector
This page describes how to create and modify a DNS threat detector to monitor VPC networks for malicious, internet-bound DNS activity.
For more information about DNS threat detection, see DNS Armor overview.
DNS threat monitoring can affect your billing. See Cloud DNS Pricing for more information.
Before you begin
Complete the following before you create a DNS threat detector.
- Enable the Network Security API in your project.
- Make sure that you have the required roles to enable a DNS threat detector.
- If you want to use Google Cloud CLI to perform tasks, update Google Cloud CLI to the latest version.
Permissions required for this task
To perform this task, you must have been granted the following permissions or the following IAM roles.
Permissions
networksecurity.dnsThreatDetectors.create
networksecurity.dnsThreatDetectors.delete
networksecurity.dnsThreatDetectors.get
networksecurity.dnsThreatDetectors.list
networksecurity.dnsThreatDetectors.update
Roles
roles/networksecurity.dnsThreatDetectorAdmin
To create a DNS threat detector for all of your VPC networks in a project, complete the following steps. Any new VPC networks added to the project are monitored automatically.
You can have only one DNS threat detector enabled for a project.
Console
- In the Google Cloud console, go to the Advanced threat detection page.
- Click Create DNS threat detector.
- Enter a name for your DNS threat detector.
- Select All VPC networks in the project.
- Click Create.
gcloud
gcloud network-security dns-threat-detectors create NAME \
    --location=global \
    --project=PROJECT_ID \
    --provider="INFOBLOX"
Replace the following:
NAME: the name for your DNS threat detector.
PROJECT_ID: your project ID.
API
{ "provider" : "INFOBLOX" }
Replace the following:
NAME: the name of your DNS threat detector.
PROJECT_ID: your project ID.
Exclude a VPC network from threat monitoring
You can exclude a VPC network from threat monitoring by editing your DNS threat detector. You can also exclude the network when creating a DNS threat detector.
New VPC networks added to the project are monitored automatically.
Console
- In the Google Cloud console, go to the Advanced threat detection page.
- Click More, and select Edit.
- In the Scope section, select All VPC networks in the project except excluded networks.
- Select the VPC networks that you don't want to monitor.
- Click Save.
gcloud
gcloud network-security dns-threat-detectors update NAME \
    --add-excluded-networks=LIST_OF_NETWORKS \
    --provider="INFOBLOX" \
    --location=global \
    --project=PROJECT_ID
Replace the following:
NAME: the name of your DNS threat detector.
LIST_OF_NETWORKS: the comma-delimited list of VPC networks that you want to exclude.
PROJECT_ID: your project ID.
API
{ "name": "NAME", "excluded_networks": [ "LIST_OF_NETWORKS" ], "provider": "INFOBLOX" }
Replace the following:
NAME: the name of your DNS threat detector.
PROJECT_ID: your project ID.
LIST_OF_NETWORKS: a comma-delimited list of VPC networks that you want to exclude. Each network must be in quotes.
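The create and exclude steps above, combined into one POSIX sh helper that validates network names before they reach the `--add-excluded-networks` flag. This is an added example, not a script from the Cloud DNS documentation; the DRY_RUN variable and the network-name check are assumptions of this example, not part of the gcloud commands.

```shell
#!/bin/sh
# Added example (not from the documentation): wraps the gcloud create and
# update commands shown above. Assumptions: DRY_RUN=1 prints commands
# instead of running them; the name check follows the usual VPC naming
# rule (starts with a lowercase letter; lowercase letters, digits, hyphens;
# 1-63 characters).

# Reject a name that could never be a VPC network name, so a typo is
# caught before the detector is modified.
validate_network_name() {
  case "$1" in
    ''|*[!a-z0-9-]*|[!a-z]*) return 1 ;;
  esac
  [ "${#1}" -le 63 ]
}

# Join validated names into the comma-delimited form the flag expects.
join_networks() {
  out=""
  for n in "$@"; do
    validate_network_name "$n" || { echo "invalid network name: $n" >&2; return 1; }
    out="${out:+$out,}$n"
  done
  printf '%s' "$out"
}

# Execute a command, or only print it when DRY_RUN=1.
run() {
  if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Create the project-wide detector (only one is allowed per project), then
# exclude the given networks. Usage: ensure_detector NAME PROJECT_ID [NETWORK ...]
ensure_detector() {
  name="$1"; project="$2"; shift 2
  run gcloud network-security dns-threat-detectors create "$name" \
    --location=global --project="$project" --provider=INFOBLOX || return 1
  if [ "$#" -gt 0 ]; then
    list=$(join_networks "$@") || return 1
    run gcloud network-security dns-threat-detectors update "$name" \
      --location=global --project="$project" --provider=INFOBLOX \
      --add-excluded-networks="$list"
  fi
}
```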
Remove your DNS threat detector
You can delete your DNS threat detector.
Console
- In the Google Cloud console, go to the Advanced threat detection page.
- Click More, and select Delete.
gcloud
gcloud network-security dns-threat-detectors delete NAME \
    --project=PROJECT_ID \
    --location=global
Replace the following:
NAME: the name of your DNS threat detector.
PROJECT_ID: your project ID.
API
{ "name": "NAME" }
Replace the following:
NAME: the name of your DNS threat detector.
PROJECT_ID: your project ID.
Add labels
You can add labels to your DNS threat detector after it has been created.
Console
- In the Google Cloud console, go to the Network Security page.
- Click More, and select Label.
- Enter or select labels for your DNS threat detector.
What's next
- To view any threats detected, see View threats.
- For more information about logging, see Use logging and monitoring.
- To find solutions for common issues that you might encounter with your DNS threat detector, see Troubleshooting.