gaurav618
Partner - Contributor

Our AWS infra team checked unusual DNS in GuardDuty, they ask to check with Qlik support for this.

Hi Team,

Our AWS infra team found unusual DNS in GuardDuty as below.
They are asking if this IP is legitimate and is using 162.159.36.2 as DNS server; this is not in our IP range and country region.

Can you please check and guide if it is related to Qlik, and where we can check and update this DNS server's details?

Or, if it is not related to Qlik Sense, then kindly confirm.

We are using the Qlik Sense on Windows product, May 2023 Patch 09,
on an EC2 instance.

Below is the unmasked GuardDuty finding they have raised in a local incident.

**************** More info **************************

},
"SchemaVersion": "2.0",
"Service": {
"Action": {
"ActionType": "NETWORK_CONNECTION",
"NetworkConnectionAction": {
"Blocked": false,
"ConnectionDirection": "OUTBOUND",
"LocalPortDetails": {
"Port": 56741,
"PortName": "Unknown"
},
"Protocol": "UDP",
"LocalIpDetails": {
"IpAddressV4": "<Masked>"
},
"RemoteIpDetails": {
"City": {
"CityName": ""
},
"Country": {
"CountryName": "United States"
},
"GeoLocation": {
"Lat": 0,
"Lon": 0
},
"IpAddressV4": "162.159.36.2",
"Organization": {
"Asn": "13335",
"AsnOrg": "CLOUDFLARENET",
"Isp": "Cloudflare",
"Org": "Cloudflare"
}
},
"RemotePortDetails": {
"Port": 53,
"PortName": "DNS"
}
}
},
"Archived": false,
"Count": 1,
"DetectorId": "a2bf4e00b70ed37e6cedcf429d2b5871",
"EventFirstSeen": "2024-06-18T01:38:31.000Z",
"EventLastSeen": "2024-06-18T01:39:23.000Z",
"ResourceRole": "ACTOR",
"ServiceName": "guardduty",
"AdditionalInfo": {
"Value": "{\"inBytes\":\"165\",\"outBytes\":\"77\",\"unusual\":\"CLOUDFLARENET\"}",
"Type": "default"
}
},
"Severity": 5,
"Title": "The EC2 instance i-07fc8c4d494230e6c is communicating with an unusual DNS resolver 162.159.36.2.",
"Type": "DefenseEvasion:EC2/UnusualDNSResolver",
"UpdatedAt": "2024-06-18T01:40:46.110Z"
}
]

1 Reply
c_grigoriadis
Partner - Contributor II

You can check if these requests are related to Qlik's backend license server. There are more instructions here
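
One way to reduce a finding like the one in the question to the facts needed for checking on the instance itself, as an added example that is not part of the original thread and not Qlik or AWS code. The sample finding is constructed from the fields visible in the post; the `APPROVED` resolver list (including the 10.0.0.0/16 VPC range) and the `triage` function are hypothetical.

```python
import ipaddress
import json
from datetime import datetime

# Constructed sample, trimmed to the fields visible in the post's fragment.
SAMPLE = json.loads(r'''{
 "Type": "DefenseEvasion:EC2/UnusualDNSResolver",
 "Service": {
  "Action": {"NetworkConnectionAction": {
    "ConnectionDirection": "OUTBOUND", "Protocol": "UDP",
    "RemoteIpDetails": {"IpAddressV4": "162.159.36.2",
                        "Organization": {"AsnOrg": "CLOUDFLARENET"}},
    "RemotePortDetails": {"Port": 53}}},
  "Count": 1,
  "EventFirstSeen": "2024-06-18T01:38:31.000Z",
  "EventLastSeen": "2024-06-18T01:39:23.000Z",
  "AdditionalInfo": {"Value": "{\"inBytes\":\"165\",\"outBytes\":\"77\",\"unusual\":\"CLOUDFLARENET\"}"}}}''')

# Assumption: resolvers this environment expects. 10.0.0.0/16 is a
# hypothetical VPC CIDR; 169.254.169.253 is the Amazon-provided VPC resolver.
APPROVED = ["10.0.0.0/16", "169.254.169.253/32"]
TS = "%Y-%m-%dT%H:%M:%S.%fZ"

def triage(finding, approved=APPROVED):
    """Reduce an UnusualDNSResolver finding to the facts needed for host-side checks."""
    if not finding.get("Type", "").endswith("EC2/UnusualDNSResolver"):
        raise ValueError("not an UnusualDNSResolver finding")
    svc = finding["Service"]
    conn = svc["Action"]["NetworkConnectionAction"]
    remote = conn["RemoteIpDetails"]
    ip = ipaddress.ip_address(remote["IpAddressV4"])
    # AdditionalInfo.Value is JSON encoded as a string; byte counts are strings too.
    extra = json.loads(svc.get("AdditionalInfo", {}).get("Value") or "{}")
    first = datetime.strptime(svc["EventFirstSeen"], TS)
    last = datetime.strptime(svc["EventLastSeen"], TS)
    return {
        "resolver": str(ip),
        "owner": remote.get("Organization", {}).get("AsnOrg"),
        "transport": f'{conn["Protocol"]}/{conn["RemotePortDetails"]["Port"]}',
        "approved": any(ip in ipaddress.ip_network(n) for n in approved),
        "in_bytes": int(extra.get("inBytes", 0)),
        "out_bytes": int(extra.get("outBytes", 0)),
        "count": svc["Count"],
        "window_seconds": int((last - first).total_seconds()),
    }

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE), indent=2))
```

The resolver address, transport and time window in the summary are what to match against the instance's own DNS client and process activity when deciding whether the lookups came from Qlik Sense.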