DNS Activity Historical Data reporting gives you access to data that goes back 60 days rather than the usual 30 days. Use this feature to create custom reports by configuring queries and filters according to your organization's requirements. Saved reports will be retained for 30 days then deleted from the system automatically.

...


Image: The Created Reports pane. 

A total of 10 queries can be created and saved, and this includes DNS Activity and Security Activity reports. For example, if you create and save six DNS Activity reports, then you can save at most four additional reports, which can be any combination of DNS Activity and Security Activity reports. Report names that are grayed out are not available for viewing as a DNS Activity historical data query report type and denote that the data generated in the report is based on Security Activity reports. The grayed-out reports are available when you access historical data for Security Activity reports.

To view a report, do the following:

...

For information on creating queries for DNS Activity historical data reports, see section Creating and Saving a DNS Activity Report.

Call-out E: Click Save to save a created report. When saving a report, give it a name that is unique and reflects the type of historical data being requested.

Call-out F: Click Back to DNS Activity to exit the viewer.

Call-out G: To view background tasks and information about recent searches, do the following:

  • Background Tasks: Click the hourglass icon to open the side panel displaying a list of all running background tasks.
  • Global Search: In the Search text box, enter the search criteria or value you want to find.
  • Recent Searches: Click the search icon to perform a global search. The Cloud Services Portal displays the list of records that match the keyword in the text box. The search panel shows information you have searched for most recently, such as tools, console messages, and domains.

Call-out H: Export: Click Export to download a .csv file containing all records in the current queried report. At most 50,000 data records can be downloaded. The name of the .csv file will reflect the name of the report being queried.

Call-out I: Historical Data Report Table: The table displays a list of all historical data records shown for your network according to the query and filtering criteria defined when the report was created. The following information can be viewed in the records table:

  • DETECTED (default grid column): The date and time of the first DNS detection.
  • DNS VIEW: The DNS version data being served.
  • DEVICE COUNTRY: The country where the device is located.
  • DEVICE IP: The IP address of the device responsible for the hit. If you are using BloxOne Endpoint for the Infoblox Grid, then BloxOne Cloud will identify the hostname of the Grid Master and display it in this filter. If the NIOS appliance is not running a supported NIOS version, or if this device is a remote site, then BloxOne Cloud will capture the IP address (instead of the hostname) of the appliance in this field.
  • DEVICE NAME (default grid column): The device’s name.
  • DEVICE REGION: The region within a geographic area where the device is located.
  • DHCP FINGERPRINT: The unique identifier formed by the values in the DHCP option 55 or 60. This identifier is used to identify the requesting client or device.
  • DOMAIN CATEGORY (default grid column): The domain category is based on a classification matrix, and this allows for a more precise implementation of security policies.
  • MAC ADDRESS: The detected MAC address of the device.
  • OS VERSION: The detected OS version of the device.
  • QUERY (default grid column): The domain that sent the DNS queries.
  • QUERY TYPE (default grid column): The DNS query’s type.
  • RESPONSE (default grid column): The response that BloxOne Cloud has taken for the malicious hit.
  • RESPONSE COUNTRY: The country where the response originated, based on the information acquired from the public IP address of BloxOne Endpoint.
  • RESPONSE REGION: The region within a geographic area where the response originated. This value is based on the information acquired from the public IP address of BloxOne Endpoint.
  • SOURCE (default grid column): The location of the device within the network infrastructure. For example, the device can be an on-prem appliance or an endpoint device.
  • USER: The user who triggered the hit. For remote offices, the portal displays Unknown.
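For offline triage of an exported report, the following added example (not Infoblox code) summarises a .csv export and flags a file that has reached the 50,000-record export limit, in which case the query should be narrowed and exported again. It assumes the .csv header row uses the column names listed above; the sample rows, device names and RESPONSE values are constructed.

```python
import csv
import io
from collections import Counter, defaultdict

EXPORT_CAP = 50_000  # the page states at most 50,000 records per export

# Constructed sample; assumes the header row matches the grid column names.
SAMPLE = """DETECTED,DEVICE NAME,QUERY,QUERY TYPE,RESPONSE,DOMAIN CATEGORY
2024-01-01 10:00:00,laptop-01,example.com.,A,NOERROR,Technology
2024-01-01 10:00:05,laptop-02,example.com,A,NOERROR,Technology
2024-01-01 10:01:00,laptop-01,test.example.net,AAAA,NXDOMAIN,Uncategorized
"""


def summarize_export(csv_text, cap=EXPORT_CAP, top=3):
    """Summarise an exported report and flag a possibly truncated file."""
    reader = csv.DictReader(io.StringIO(csv_text))
    # Normalise header names so "Device Name" and "DEVICE NAME" both match.
    reader.fieldnames = [h.strip().upper() for h in (reader.fieldnames or [])]

    rows = 0
    responses = Counter()
    devices_per_query = defaultdict(set)
    for row in reader:
        rows += 1
        responses[(row.get("RESPONSE") or "").strip().upper()] += 1
        # Treat "example.com." and "Example.com" as the same queried name.
        query = (row.get("QUERY") or "").strip().lower().rstrip(".")
        devices_per_query[query].add((row.get("DEVICE NAME") or "").strip())

    # Rank queried names by how many distinct devices asked for them.
    ranked = sorted(devices_per_query.items(),
                    key=lambda kv: (-len(kv[1]), kv[0]))
    return {
        "rows": rows,
        # A file at the cap cannot be told apart from a truncated one.
        "possibly_truncated": rows >= cap,
        "responses": dict(responses),
        "top_queries": [(q, len(d)) for q, d in ranked[:top]],
    }


if __name__ == "__main__":
    print(summarize_export(SAMPLE))
```

When `possibly_truncated` is true, shorten the period in the Show filter or tighten the query and export again, so that the summary covers every record in the window.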

Call-out J: Search: Enter the keyword that you want to search on. The Cloud Services Portal will display the list of records that match the keyword.

Call-out K: To select the information you want to display, click the triple-bar icon ☰ on the header of table Web Content Categories. To view all information, select all options; alternatively, select only the options you wish to see. To reorder information in the columns, use the up/down arrow associated with each column. For details on information provided by each column, see call-out I.

Viewing DNS Activity Historical Data Report

...

Click View on the Report panel. A total of 10 queries can be created and saved. The 10 saved queries are inclusive of DNS Activity as well as Security Activity reporting. Report names that are grayed out are not available for viewing as a DNS Activity historical data query report type and denote that the data generated in the report is based on Security Activity reports. The grayed-out reports are available when you try to access historical data for Security Activity reports.

Click Delete to remove a saved DNS Activity historical data report from the list. A modal window will open and ask you to confirm that you want to delete the report. Deleting a report allows the saving of a new historical data report.


For information on creating a query, see section Creating and Saving a DNS Activity Historical Data Report:

...

  • Show: To filter a DNS Activity historical data report by time and date, choose an option from the drop-down menu Show:
    • 1 hour (default time period)
    • 24 hours
    • 48 hours
    • 7 days
    • 1 month
    • Custom: any time span from the past 60 days

Image: The date/time calendar used to define a custom reporting period.  

Save: Click Save to save a created report of historical data, including the applied filter and data criteria. In the Name field, provide a name for the new DNS Activity historical data report. Click Save & Close. To verify that the report has been created, click Load and check the list of created reports in the panel on the left. Alternatively, choose not to save the report by clicking Cancel.

 
Image: The Add a Name pane. 

...