Versions Compared

Old Version 3

changes.mady.by.user Gary Leicht

Saved on

compared with

New Version 4

changes.mady.by.user Gary Leicht

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

DNS Activity Historical Data reporting gives you access to data that goes back 60 days rather than the usual 30 days. Use this feature to create custom reports by configuring queries and filters according to your organization's requirements. Saved reports will be retained for 30 days then deleted from the system automatically.

...

The DNS Activity Historical Data Viewer is used to view up to 60 days of data. The data is reported according to the queries and filters applied by using the Historical Data Viewer Query Builder. The following are the viewer’s components.

Image: The DNS Activity Historical Data Viewer page.


call-out AImage Added

Image RemovedQuery Panel: The query panel shows the results of your historical data query with filters and specific query parameters applied. The panel shows the following information:

  • Viewing: The name of the report currently being viewed. 
  • Date and Time: The date-time range for the data in the report.
  • Created by: The name of the person within the organization who is responsible for running the report.
  • Expires: The expiration date and time of the report. Reports expire 30 days after being created.
  • Query: The queries added to the report at its creation.
  • Filters: The filters applied to the report at its creation. 

     

call-out BImage Added

Image RemovedRequests Chart: The chart shows the data reported based on the results of the current query for historical data. The chart reflects the type of the DNS activity selected by applying the queries and filters used to generate the report.  

call-out CImage Added

Image RemovedClear Filter: To clear the filtered results from the report, click Clear Filter. This will also reset the reporting page to its default state.

Image Removedcall-out DImage Added

Load: Click Load to open a window that lists existing queries. In the panel on the left, select a query to be run based on the available report types. Clicking the title of a report will display its details in the panel on the right. For details on running a reporting query, see section Viewing a DNS Activity Historical Data Report.


Image: The Created Reports pane. 

A total of 10 queries can be created and saved, and this includes DNS Activity and Security Activity reports. For example, if you create and save six DNS Activity reports, then you can save at most four additional reports, which can be any combination of DNS Activity and Security Activity reports. Report names that are grayed out are not available for viewing as a DNS Activity historical data query report type and denote that the data generated in the report is based on Security Activity reports. The grayed-out reports are available when you access historical data for Security Activity reports.

To view a report, do the following:

...

Export: Click Export to download a .csv file containing all records in the current queried report. At most 50,000 data records can be downloaded. The name of the .csv file will reflect the name of the report being queried.

Historical Data Report Table: The table displays a list of all historical data records shown for your network according to the query and filtering criteria defined when the report was created. The following information can be viewed in the records table:

...

To select the information you want to display, click the triple-bar icon ☰ on the header of table Web Content Categories. To view all information, select all options; alternatively, select only the options you wish to see. To reorder information in the columns, use the up/down arrow associated with each column. For details on information provided by each column, see call-out  I.

Viewing DNS Activity Historical Data Report

...

  • Header: The number of historical reports created. This list includes the DNS Activity and Security Activity reports. At most 10 reports can be saved at any one time.
  • Left panel: A list of created historical reports.
  • Right panel: The details of a selected historical report.
    • Type: The type of the report: DNS Activity Report or Security Activity Report.
    • Data Time: The date/time period for the historical data: 1 hour (default), 24 hours, 48 hours, 7 days, 1 month, or custom.
    • Created by: The name of the person in your organization who created the historical report.
    • Expires: The date and time of the historical report's expiry.
    • Query: A list of data queries used to configure the historical report. If queries were not configured for the report, then the response will be "No".
    • Filters: A list of data filters used to configure the historical report. If filters were not configured for the report, then the response will be "No".


Image: The Created Reports pane.

Click View on the Report panel. A total of 10 queries can be created and saved. The 10 saved queries are inclusive of DNS Activity as well as Security Activity reporting. Report names that are grayed out are not available for viewing as a DNS Activity historical data query report type and denote that the data generated in the report is based on Security Activity reports. The grayed out reports are available when you try to access historical data for Security Activity reports.

Image ModifiedClick Delete to remove a saved DNS Activity historical data report from the list. A modal window will open and ask you to confirm that you want to delete the report. Deleting a report allows the saving of a new historical data report.


For information on creating a query, see section Creating and Saving a DNS Activity Historical Data Report:

...

To create and save a DNS Activity historical data report, specify the following:

Image: The DNS Activity Historical Data Viewer Query Builder panel.

Event Search: In the event search field, you can input search query field data and/or operators. Click the information icon to open the search criteria panel for information on configuring event searches (see call-out B) . 

...

  • Source: The location and type of the device within the network infrastructure. For example, the device can be an on-prem appliance or an endpoint device. To specify the types of records you want to view, select or clear the options available. When you filter by source, the filter drop-down can show no more than 10 sources. A search option is also available. Click Clear, or click the close icon to remove the search parameters from the search field. The Source filter is populated based on the past 30 days of data. Source data is not dependent on the time selection.


Image: The Source pane. 

  • Show: To filter a DNS Activity historical data report by time and date, choose an option from the drop-down menu Show:
    • 1 hour (default time period)
    • 24 hours
    • 48 hours
    • 7 days
    • 1 month
    • Custom: any time span from the past 60 days

Image: The date/time calendar used to define a custom reporting period.  

Save: Click Save to save a created report of historical data, including the applied filter and data criteria. In the Name field, provide a name for the new DNS Activity historical data report. Click Save & Close. To verify that the report has been created, click Load and check the list of created reports in the panel on the left. Alternatively, choose not to save the report, by clicking Cancel.  

 
Image: The Add a Name pane. 

The name of the created report should appear on the list shown in the panel on the left side of the report window.


Image: The Created Reports pane.