Create Metadata Streaming Profile

A metadata streaming profile defines how to analyze the metadata to detect threats such as domain generation algorithm (DGA) based attacks, DNS tunnels, and threats through HTTP requests. The metadata streaming profile is assigned to a rule that is deployed on the devices.

Based on the threat type you want to detect, perform one or more of the following:

• To detect all types of DNS threats, see Create Metadata Streaming Profile to Detect all DNS Threats.

• To detect domain generation algorithm (DGA) based threats, see Create Metadata Streaming Profile to Detect DGA-Based Threats.

• To detect DNS tunnels, see Create Metadata Streaming Profile to Detect DNS Tunnels.

• To detect all types of HTTP threats, see Create Metadata Streaming Profile to Detect all HTTP Threats.

• To detect only command-and-control (C2) communications, see Create Metadata Streaming Profile to Detect Command-and-Control (C2) Communications.