Test the security connector
Before you begin
On a computer that is protected
by ETP, open a browser and navigate to each of the following
When navigating to these domains, your browser is directed to the security connector where information about the request and your computer is recorded. If the browser indicates that the webpage is unavailable, then you have successfully performed this step.
After a few minutes, verify that
events are reported in ETP:
- In the Enterprise Center navigation menu, select .
- On the Threat Events tab, confirm that each test domain produced an event. Locate the domain in the grouped events area and review the associated event.
In the Correlation
column, click View. You are directed to a dialog where Security
Connector event information is provided, including the Affected Internal
IP. This is the IP address of the machine that made the request.
Note: Although this step shows threat events that correspond to Security Connector events, not all DNS traffic has a corresponding Security Connector event. This may occur for these reasons:
- DNS resolutions are cached on the local DNS cache and the Enterprise DNS Resolver. ETP reports the first DNS resolution. However, subsequent requests for the same domain are resolved wherever the resolution is cached.
- Malware uses DNS to exfiltrate data and as a result, the domain is resolved on the attacker's server.
- Repeat steps 2b and 2c for the remaining threat events.
Add email addresses of administrators or other users within your organization that you want notified when there is a software upgrade available for the security connector. See Add email addresses for Security Connector upgrade notifications.