The DNS tab provides comprehensive security data about the types of DNS hits within your network over a specific time period. This tab collects the data from the other reports and makes the information available in one location. To export the DNS table data in CSV format, click Export. The default file name is dns-activity_dns.csv. Exported data is limited to 50,000 records.

...

Note
  • Depending on the availability of data records, not all filter options may be displayed.
  • Amplification/Reflection attacks: BloxOne Threat Defense does not resolve QTYPE=ANY and QCLASS=IN DNS queries. If such a query occurs, BloxOne Threat Defense responds to it with NOTIMP. NOTIMP responses are displayed in the RESPONSE field.

The DNS table displays the following information by specific criteria, where you can select the applicable objects from the following column drop-down menus:

  • DETECTED: The date and time of the first DNS detection.
  • QUERY: Displays the domain that sent the DNS queries.
  • SOURCE: The location of the device within the network infrastructure. For example, the device can be an on-prem appliance or an endpoint device.
  • DEVICE NAME: The name or IP address of the device.
  • RESPONSE: The response taken by BloxOne Cloud for the malicious hit.
  • QUERY TYPE: The DNS query type.
  • DNS VIEW: The DNS version data being served.
  • MAC ADDRESS: The detected MAC address of the device.
  • DHCP FINGERPRINT: The unique identifier formed from the values in DHCP option 55 or 60. This identifier is used to identify the requesting client or device.
  • USER: The user that triggered the hit. For remote offices, the portal displays Unknown for these users.
  • OS VERSION: The detected OS version of the device.
  • DEVICE IP: The IP address of the device responsible for the hit. If you are using BloxOne Endpoint for the Infoblox Grid, BloxOne Cloud can identify the hostname of the Grid Master and displays it in this filter. If the NIOS appliance is not running a supported NIOS version or if this device is a remote site, BloxOne Cloud captures the IP address (instead of the hostname) of the appliance in this field.
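The following script is an added example (not part of the Infoblox documentation) of working with an exported dns-activity_dns.csv offline: it tallies RESPONSE values, lists the devices whose QTYPE=ANY queries were refused with NOTIMP, and checks whether the export reached the 50,000 record cap, which would mean records are missing. The CSV header names are assumed to match the column labels above, and the sample rows are constructed.

```python
import csv
import io
from collections import Counter

# Constructed sample of an exported dns-activity_dns.csv. The header names are
# ASSUMED to match the DNS tab column labels; the real export may differ.
SAMPLE_CSV = """DETECTED,QUERY,SOURCE,DEVICE NAME,RESPONSE,QUERY TYPE,DNS VIEW,MAC ADDRESS,DHCP FINGERPRINT,USER,OS VERSION,DEVICE IP
2024-01-05 10:00:01,example.test,Endpoint,host-a,NOTIMP,ANY,default,00:11:22:33:44:55,,Unknown,Windows 10,10.0.0.5
2024-01-05 10:00:02,example.test,Endpoint,host-a,NOTIMP,ANY,default,00:11:22:33:44:55,,Unknown,Windows 10,10.0.0.5
2024-01-05 10:00:03,malware.example,On-Prem,appliance-1,Block,A,default,,,alice,Linux,10.0.0.9
2024-01-05 10:00:04,good.example,Endpoint,host-b,Allow,AAAA,default,,,bob,macOS,10.0.0.7
"""

EXPORT_LIMIT = 50000  # the portal caps CSV exports at 50,000 records


def load_export(text):
    """Parse the CSV text into a list of row dicts keyed by column header."""
    return list(csv.DictReader(io.StringIO(text)))


def export_truncated(rows):
    """True when the export is at the cap, so later records were probably cut off."""
    return len(rows) >= EXPORT_LIMIT


def responses_summary(rows):
    """Tally of RESPONSE values for a first look at a large export."""
    return dict(Counter(row["RESPONSE"] for row in rows))


def notimp_by_device(rows):
    """Count NOTIMP responses (refused QTYPE=ANY queries) per DEVICE IP."""
    counts = Counter()
    for row in rows:
        if row["RESPONSE"].strip().upper() == "NOTIMP":
            counts[row["DEVICE IP"]] += 1
    return dict(counts)


if __name__ == "__main__":
    rows = load_export(SAMPLE_CSV)
    if export_truncated(rows):
        print("warning: export hit the 50,000 record cap; narrow the time period")
    print("responses:", responses_summary(rows))
    print("NOTIMP by device:", notimp_by_device(rows))
```

A device with repeated NOTIMP entries is one that keeps sending ANY queries, which is worth a closer look at the source host rather than at the resolver.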

...