All outgoing network connections (to internet) originated from applications/databases/systems/platforms that are deployed in Red Hat data centers or at cloud providers where we have administrative control must:

1). log the connection details and those logs must be sent to enterprise log collection & analyzing platform (eg Splunk)
2). be prevented from making connections to potential rogue sites or hosts by consuming Infosec approved "deny" lists (domains/sites/IPs) via DNS RBLs or other related Infosec approved services/tools.
3). must enforce "allow" list egress network connections to the public internet. Application owners are responsible for pre-authorizing or providing the list of "allow" list of all internet-based resources that their applications/systems need to connect to (such as GitHub, Salesforce APIs, etc)