AWS Route53 documentation change
Summary
Reframed content around Foundational Rules, converted managed domain list descriptions to table format, and maintained security threat information without substantive changes.
Security assessment
Formatting changes improve readability but don't address new vulnerabilities. Threat descriptions remain unchanged, indicating no security incident response or vulnerability patching.
Diff
diff --git a/Route53/latest/DeveloperGuide/resolver-dns-firewall-managed-domain-lists.md b/Route53/latest/DeveloperGuide/resolver-dns-firewall-managed-domain-lists.md index b8d007296..db813e310 100644 --- a//Route53/latest/DeveloperGuide/resolver-dns-firewall-managed-domain-lists.md +++ b//Route53/latest/DeveloperGuide/resolver-dns-firewall-managed-domain-lists.md @@ -19,14 +19 @@ As a best practice, before using a Managed Domain List in production, test it in -This section describes the Managed Domain Lists that are currently available. When you're in a Region where these lists are supported, you see them on the console when you manage domain lists and when you specify the domain list for a rule. In the logs, the domain list is logged within the `firewall_domain_list_id field`. - -AWS provides the following Managed Domain Lists, in the Regions they are available, for all users of Resolver DNS Firewall. - - * `AWSManagedDomainsMalwareDomainList` – – Domains associated with sending malware, hosting malware, or distributing malware. - - * `AWSManagedDomainsBotnetCommandandControl` – Domains associated with controlling networks of computers that are infected with spamming malware. - - * `AWSManagedDomainsAggregateThreatList` – Domains associated with multiple DNS threat categories including malware, ransomware, botnet, spyware, and DNS tunneling to help block multiple types of threats. `AWSManagedDomainsAggregateThreatList` includes all the domains in the other AWS Managed Domain Lists listed here. - - * `AWSManagedDomainsAmazonGuardDutyThreatList` – Domains associated with Amazon GuardDuty DNS security findings. The domains are sourced from the GuardDuty's threat intelligence systems only, and do not contain domains sourced from external third-party sources. More specifically, currently this list will only block domains that are internally generated and used for following detections in GuardDuty: Impact:EC2/AbusedDomainRequest.Reputation, Impact:EC2/BitcoinDomainRequest.Reputation, Impact:EC2/MaliciousDomainRequest.Reputation, Impact:Runtime/AbusedDomainRequest.Reputation, Impact:Runtime/BitcoinDomainRequest.Reputation, and Impact:Runtime/MaliciousDomainRequest.Reputation. - -For more information see [Finding types](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-active.html) in the _Amazon GuardDuty User Guide_. - +This section describes the Managed Domain Lists that are currently available for DNS Firewall Foundational rules. When you're in a Region where these lists are supported, you see them on the console when you manage domain lists and when you specify the domain list for a rule. In the logs, the domain list is logged within the `firewall_domain_list_id` field. @@ -33,0 +21 @@ For more information see [Finding types](https://docs.aws.amazon.com/guardduty/l +AWS provides the following Managed Domain Lists under the Foundational rule type, in the Regions they are available, for all users of Resolver DNS Firewall. @@ -34,0 +23,6 @@ For more information see [Finding types](https://docs.aws.amazon.com/guardduty/l +Threat Type | Description +---|--- +Malware | Domains associated with sending malware, hosting malware, or distributing malware. +Botnet/Command and Control | Domains associated with controlling networks of computers that are infected with spamming malware. +Aggregate Threat List | Domains associated with multiple DNS threat categories including malware, ransomware, botnet, spyware, and DNS tunneling to help block multiple types of threats. Aggregate Threat List includes all the domains in the other AWS Managed Domain Lists listed here. +Amazon GuardDuty Threat List | Domains associated with Amazon GuardDuty DNS security findings. The domains are sourced from the GuardDuty's threat intelligence systems only, and do not contain domains sourced from external third-party sources. More specifically, currently this list will only block domains that are internally generated and used for following detections in GuardDuty: Impact:EC2/AbusedDomainRequest.Reputation, Impact:EC2/BitcoinDomainRequest.Reputation, Impact:EC2/MaliciousDomainRequest.Reputation, Impact:Runtime/AbusedDomainRequest.Reputation, Impact:Runtime/BitcoinDomainRequest.Reputation, and Impact:Runtime/MaliciousDomainRequest.Reputation. For more information see [Finding types](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-active.html) in the _Amazon GuardDuty User Guide_. @@ -146 +140 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please -Resolver DNS Firewall domain lists +DNS Firewall Foundational Rules