DNS Activity Historical Data reporting gives you access to data beyond the usual 30-day limit, allowing you to search up to 60 days of data records. To access historical data, create custom historical data reports by configuring queries and filters according to your organization's specific requirements. These customized reports return the precise historical data you need. Saved historical data reports are retained for a maximum of 30 days, after which they are automatically deleted from the system.

...

  • Viewing: The name of the report currently being viewed.
  • Date and Time: The time and date range for which the data in the report is included.
  • Created by: The name of the person within the organization responsible for running the report.
  • Expires: The expiry time and date for the report. Reports expire 30 days after their creation date.
  • Query: The queries added to the report at its time of creation.
  • Filters: The filters applied to the report at its time of creation.

...

Load: Click Load to select a previously created historical data report query to run from among the list of previously created reports. A window will open displaying all created reports. In the left-hand pane, you can select a report to run based on the available, created report types. Clicking on the title of a report in the left-hand pane will display the details of the report in the adjacent right-hand pane. Created reports expire 30 days after their creation date. To run a historical data report, see the topic on Viewing a DNS Activity Historical Data Report.

A total of 10 historical data report queries can be created and saved. The 10 saved historical data report queries are inclusive of both DNS Activity reporting and Security Activity reporting. For example, if you create and save six DNS Activity historical data query report types, then you can save a maximum of four additional reports. The four additional reports can be any combination of DNS Activity and/or Security Activity report types. Report names that are grayed out are not available for viewing as a DNS Activity historical data query report type and denote that the data generated in the report is based on Security Activity reports. The grayed out reports are available when accessing historical data for Security Activity reports. 

  1. Select an available report from the list of reports listed in the left-hand pane.
  2. Click View to open the report. 

...

  1. Select an available report from the list of reports listed in the left-hand pane.

Click Delete to remove the report from the list. A modal window will appear confirming that you want to delete the report. Click Delete to confirm deletion of the report. 


For information on creating queries for DNS Activity historical data reports, see the section on Creating and Saving a DNS Activity Report.

...

Export: Click Export to download a .csv file containing all records contained within the current, queried report. A maximum of 50,000 data records can be downloaded. The name of the .csv file will reflect the name of the report being queried.

Historical Data Report Table: The Historical Data Report Table displays a list of all historical data records seen on your network based on the query and filter criteria defined when the report was created. Using the query and filter options, you can limit the records displayed in the table to only those queries and filters selected at the time the report was created. The following information can be viewed in the records table:

  • DETECTED (default grid column): The date and time of the first DNS detection.
  • DNS VIEW: The DNS version data being served.
  • DEVICE COUNTRY: The country where the device is located.
  • DEVICE IP: The IP address of the device responsible for the hit. If you are using BloxOne Endpoint for the Infoblox Grid, BloxOne Cloud can identify the hostname of the Grid Master and displays it in this filter. If the NIOS appliance is not running a supported NIOS version or if this device is a remote site, BloxOne Cloud captures the IP address (instead of the hostname) of the appliance in this field.
  • DEVICE NAME (default grid column): The name of the device.
  • DEVICE REGION: The region within a geographic area where the device is located.
  • DHCP FINGERPRINT: The unique identifier that was formed by the values in the DHCP option 55 or 60. This identifier is used to identify the requesting client or device.
  • DOMAIN CATEGORY (default grid column): Domain category is based on a classification matrix allowing a more precise implementation of security policies.
  • MAC ADDRESS: The detected MAC address of the device.
  • OS VERSION: The detected OS version of the device.
  • QUERY (default grid column): Displays the domain that sent the DNS queries.
  • QUERY TYPE (default grid column): The DNS query type.
  • RESPONSE (default grid column): The response taken by BloxOne Cloud for the malicious hit.
  • RESPONSE COUNTRY: The country where the response originated based on information acquired from the public IP address of BloxOne Endpoint.
  • RESPONSE REGION: The region within a geographic area where the response originated based on information acquired from the public IP address of BloxOne Endpoint.
  • SOURCE (default grid column): The location of the device within the network infrastructure. For example, the device can be an on-prem appliance or an endpoint device.
  • USER: The user that triggered the hit. For remote offices, the portal displays Unknown for these users.

...

Click the triple bar icon ☰ on the Web Content Categories table header to select what information you want to display. You can view all information by selecting all options, or select only those options you wish to display. You can use the up/down arrow associated with each column to reorder the columns. See the call-out for information on what each column item provides.

...

Click View on the Report panel. A total of 10 historical data report queries can be created and saved. The 10 saved historical data report queries are inclusive of both DNS Activity reporting and Security Activity reporting. Report names that are grayed out are not available for viewing as a DNS Activity historical data query report type and denote that the data generated in the report is based on Security Activity reports. The grayed out reports are available when accessing historical data for Security Activity reports.

Click Delete to remove a saved DNS Activity historical data report from the list. A modal window will appear confirming that you want to delete the historical data report. Deleting a historical data report allows the saving of a new historical data report.


For information on creating a query, see the section on Creating and Saving a DNS Activity Historical Data Report:

  1. Once the selected historical report has finished generating, the report results can be viewed in the Historical Data Report Table (see call-out ).
  2. You can run a search against the report results (see call-out ) or you can export the report results as a .csv file for viewing (see call-out ).
  3. When you are finished viewing the report, click Clear Filter (see call-out ) to clear the report results from the page and reset the page to run another report.

...

Save: Click Save to save a created historical data report, including the applied filter and data criteria. In the name field, enter the name of the new DNS Activity historical data report. Once you have entered a name for the newly created historical data report, click Save & Close to save the report. You can verify the report's creation by clicking Load and viewing the list of created reports in the left-hand panel. Alternatively, you can choose not to save the report by clicking Cancel.

You can verify the report's creation by clicking Load. The name of the newly created DNS Activity historical data report should be displayed on the list of reports in the left-hand pane of the report window. 

...