DNS Activity Historical Data reporting gives you access to data that goes back 60 days rather than the usual 30 days. Use this feature to create custom reports by configuring queries and filters according to your organization's specific requirements. These customized reports allow you to obtain the precise historical data you need. Saved reports will be retained for a maximum of 30 days, then deleted from the system automatically.

Save up to 10 historical data reports, and use them to derive insights from past DNS- and security-related activities and to gain a comprehensive understanding of historical trends and patterns within your data. Historical Data reporting can be configured for DNS Activity and Security Activity reports.

This page covers the following topics:

  • DNS Activity Historical Data Viewer
  • Viewing a DNS Activity Historical Data report
  • Creating and saving a DNS Activity Historical Data report

Navigating to DNS Activity Historical Data Reports

To navigate to DNS Activity historical data reports, do the following:

  1. Log in to the Infoblox Portal.
  2. Click MonitorReports > DNS Activity.
  3. On the DNS Activity page, click Historical Data Viewer (see call-out A) to open the DNS Activity Historical Data Reports page.

DNS Activity Historical Data Viewer

The DNS Activity Historical Data Viewer is used to view up to 60 days of data. The data is reported according to the queries and filters that have been applied by using the Query Builder. The following are the viewer's components.

Image: The DNS Activity Historical Data Viewer page.


call-out A

Query Panel: The query panel shows the results of your historical data query with filters and specific query parameters applied. The query panel shows the following information:

  • Viewing: The name of the report currently being viewed.   
  • Date and Time: The date-time and date range for which the data in the report is included.
  • Created by: The name of the person within the organization who is responsible for running the report. 
  • Expires: The expiration date and time of the report. Reports expire 30 days after being created.
  • Query: The queries added to the report at its time of  creation.
  • Filters: The filters applied to the report at its time of creation.   
     

call-out B

Requests Chart: The requests chart shows the data reported based on the results of the current query for historical data. The chart reflects the type of the DNS activity selected by applying the queries and filters used to generate the report.


call-out C

Clear Filter: To clear the filtered results from the current query, click Clear Filter. This will also reset the reporting page to its default state.

call-out D

Load: Click Load to open a window that lists existing queries. In the panel on the left, select a query to be run based on the available, created report types. Clicking the title of a report will display its details in the panel on the right. Created reports expire 30 days after their creation date. For details on running a reporting query, see section Viewing a DNS Activity Historical Data Report.


Image: The Created Reports pane. 

A total of 10 queries can be created and saved, and this includes DNS Activity and Security Activity reports. For example, if you create and save six DNS Activity reports, then you can save at most four additional reports, which can be any combination of DNS Activity and Security Activity reports. Report names that are grayed out are not available for viewing as a DNS Activity historical data query report type and denote that the data generated in the report is based on Security Activity reports. The grayed-out reports are available when you access historical data for Security Activity reports.

To view a report, do the following:

  1. Select an available report from the reports listed in the panel on the left.
  2. Click View to open the report.

To delete a report, do the following:

  1. Select an available report from the reports listed in the panel on the left.
  2. Click Delete. A modal window will open and request your confirmation. Click Delete to confirm deletion of the report.


For information on creating queries for DNS Activity historical data reports, see the section on Creating and Saving a DNS Activity Report.

call-out E

Click Save to save a newly created report. When saving a report, give it a name that is unique and reflects the type of historical data being requested.

call-out F

Click Back to DNS Activity to exit the viewer.

call-out G

To view background tasks and information about recent searches, do the following:

  • Background Tasks: Click the hourglass icon to open the side panel displaying a list of all running background tasks.
  • Global Search: In the Search text box, enter the search criteria or value you want to find. Click the search icon to perform a global search. The Infoblox Portal displays the list of records that match the keyword in the text box.
  • Recent Searches: The search panel shows information you have searched for most recently, such as tools, console messages, and domains.

call-out H

Export: Click Export to download a .csv file containing all records in the current, queried report. At most 50,000 data records can be downloaded. The name of the .csv file will reflect the name of the report being queried.

call-out I

Historical Data Report Table: The Historical Data Report table displays a list of all historical data records shown for your network according to the query and filtering criteria defined when the report was created. Using the query and filter options, you can limit the records displayed in the table to only those queries and filters selected at the time the report was created. The following information can be viewed in the records table:

  • DETECTED (default grid column): The date and time of the first DNS detection.
  • DNS VIEW: The DNS version data being served.
  • DEVICE COUNTRY: The country where the device is located.
  • DEVICE IP: The IP address of the device responsible for the hit. If you are using Infoblox Endpoint for the Infoblox Grid, then Infoblox Platform will identify the hostname of the Grid Master and display it in this filter. If the NIOS appliance is not running a supported NIOS version, or if this device is a remote site, then Infoblox Platform will capture the IP address (instead of the hostname) of the appliance in this field.
  • DEVICE NAME (default grid column): The device's name.
  • DEVICE REGION: The region within a geographic area where the device is located.
  • DHCP FINGERPRINT: The unique identifier that was formed by the values in the DHCP option 55 or 60. This identifier is used to identify the requesting client or device.
  • DOMAIN CATEGORY (default grid column): The domain category is based on a classification matrix, and this allows for a more precise implementation of security policies.
  • MAC ADDRESS: The detected MAC address of the device.
  • OS VERSION: The detected OS version of the device.
  • QUERY (default grid column): The domain that sent the DNS queries.
  • QUERY TYPE (default grid column): The DNS query's type.
  • RESPONSE (default grid column): The response provided by Infoblox Platform for the malicious hit.
  • RESPONSE COUNTRY: The country where the response originated, based on the information acquired from the public IP address of Infoblox Endpoint.
  • RESPONSE REGION: The region within a geographic area where the response originated. This value is based on the information acquired from the public IP address of Infoblox Endpoint.
  • SOURCE (default grid column): The location of the device within the network infrastructure. For example, the device can be an on-prem appliance or an endpoint device.
  • USER: The user who triggered the hit. For remote offices, the portal displays Unknown for these users.

call-out J

Search: Enter the keyword that you want to search on. The Infoblox Portal will display the list of records that match the keyword in the text box.

call-out K

To select the information you want to display, click the triple-bar icon ☰ on the Web Content Categories table header. To view all information, select all options; alternatively, select only the options you wish to display. To reorder information in the columns, use the up/down arrow associated with each column. For details on information provided by each column, see call-out I.

Viewing a DNS Activity Historical Data Report


call-out 1

Click Load to select a previously created report. The details of the report will appear in the panel on the right (see call-out 2).

call-out 2

The details panel shows the following information:

  • Header: The number of historical reports created. This list includes the DNS Activity historical reports and the Security Activity historical reports. At most 10 historical reports can be saved at any one time.
  • Left panel: A list of created historical reports.
  • Right panel: The details of a selected historical report.
    • Type: The type of the report: DNS Activity Report or Security Activity Report.
    • Data Time: The date/time period for the historical data: 1 hour (default), 24 hours, 48 hours, 7 days, 1 month, or custom.
    • Created by: The name of the person in your organization who created the historical report.
    • Expires: The date and time of the historical report's expiry.
    • Query: A list of data queries used to configure the historical report. If queries were not configured for the report, then the response will be "No".
    • Filters: A list of data filters used to configure the historical report. If filters were not configured for the report, then the response will be "No".


Image: The Created Reports pane.

call-out 3

Click View on the Report panel. A total of 10 queries can be created and saved. The saved queries are inclusive of DNS Activity reporting as well as Security Activity reporting. Report names that are grayed out are not available for viewing as a DNS Activity historical data query report type and denote that the data generated in the report is based on Security Activity reports. The grayed-out reports are available when you try to access historical data for Security Activity reports.

call-out 4

Click Delete to remove a saved DNS Activity historical data report from the list. A modal window will open and ask you to confirm that you want to delete the historical data report. Deleting a historical data report allows the saving of a new historical data report.


For information on creating a query, see the section on Creating and Saving a DNS Activity Historical Data Report:

  1. Once the selected historical report is generated, the report results can be viewed in the Historical Data Report table. See call-out H.
  2. You can run a search against the reported results (see call-out J), or you can export the reported results as a .csv file for viewing (see call-out H).
  3. When you have finished viewing the report, click Clear Filter (see call-out C) to clear the report results from the page and to reset the page to run another report.

Creating and Saving a DNS Activity Historical Data Report

To create and save a DNS Activity historical data report, specify the following:

Image: The DNS Activity Historical Data Viewer Query Builder panel.


call-out A

Event Search: In the event search field, you can input search query field data and/or operators. Click the information icon to open the search criteria panel for information on configuring event searches (see call-out B).

call-out B

Search Queries: Click the information icon to open the search criteria panel that shows examples of what is accommodated by the event search feature. The search feature supports queries for searches that use the Language-Integrated Query (LINQ). Use this language to create customized queries for searching across all records in the Security Events report. By using the search query options available for generating DNS Activity historical data reports, you can do the following:

  • Run a search on any of the following fields:
    • DEVICE COUNTRY
    • DEVICE IP
    • DEVICE NAME
    • DEVICE REGION
    • DHCP FINGERPRINT
    • DNS VIEW
    • DOMAIN CATEGORY
    • MAC ADDRESS
    • OS VERSION
    • QUERY
    • QUERY TYPE
    • RESPONSE
    • RESPONSE COUNTRY
    • RESPONSE REGION
    • SOURCE
    • USER

  • Use the = and the NOT (!=) operators
  • Use the AND and OR operators
  • Use the single and double quotation marks to specify values with spaces
  • Use the parentheses to group parts of a search
  • Use the wildcard symbol (*) as the last character of the search value for a partial match
  • Press the Enter key to run a search
  • Press the Tab key to autocomplete a search with the first available suggestion

The following are examples of search queries:

  • query=domain.* AND device=52.123*
  • device=office1.domain OR device=office2.domain.com
  • dns_view=example-view AND query_type=A
  • (source='Infoblox Endpoint' OR source="example 1") AND device=52.123*

A search by the query fields matches values by subdomains. For example, query = domain.com matches 'domain.com', 'office.domain.com', and 'space.office.domain.com'.


Note
  • All search values are case sensitive.
  • At most five operators can be used to construct a query search.
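The query rules above (= and !=, AND/OR, quoting, parentheses, trailing wildcard, subdomain matching on the query field, case sensitivity, the five-operator limit) can be reproduced locally to re-filter exported records. The following Python evaluator is an added example, not Infoblox code; it assumes the limit counts AND/OR, that AND binds tighter than OR, and that record keys use the field names from the examples, and its sample rows are constructed.

```python
import operator
import re

# Token groups: 1 paren, 2 comparison, 3/4 quoted value, 5 bare word, 6 anything else.
TOKEN = re.compile(r"""([()])|(!=|=)|'([^']*)'|"([^"]*)"|([^\s()=!'"]+)|(\S)""")

def tokenize(text):
    tokens = []
    for m in TOKEN.finditer(text):
        kind, value = m.lastindex, m.group(m.lastindex)
        if kind == 6:
            raise ValueError(f"unexpected character {value!r}")
        keyword = kind == 1 or (kind == 5 and value in ("AND", "OR"))
        tokens.append((value if keyword else "OP" if kind == 2 else "VAL", value))
    return tokens

def value_matches(field, pattern, actual):
    if pattern.endswith("*"):  # trailing wildcard: case-sensitive prefix match
        return actual.startswith(pattern[:-1])
    # Per the page, a search on the query field also matches subdomains.
    return actual == pattern or (field == "query" and actual.endswith("." + pattern))

def compile_query(text):
    tokens = tokenize(text) + [("END", None)]
    # Assumption: the five-operator limit counts AND/OR, and AND binds tighter than OR.
    if sum(kind in ("AND", "OR") for kind, _ in tokens) > 5:
        raise ValueError("at most five operators are allowed")
    def take(kind):
        if tokens[0][0] != kind:
            raise ValueError(f"expected {kind}, found {tokens[0][0]}")
        return tokens.pop(0)[1]
    def term():
        if tokens[0][0] == "(":
            take("(")
            inner = expr()
            take(")")
            return inner
        field, op, pattern = take("VAL"), take("OP"), take("VAL")
        return lambda row: value_matches(field, pattern, row.get(field, "")) == (op == "=")
    def chain(operand, keyword, combine):
        left = operand()
        while tokens[0][0] == keyword:
            take(keyword)
            left = (lambda a, b: lambda row: combine(a(row), b(row)))(left, operand())
        return left
    def expr():
        return chain(lambda: chain(term, "AND", operator.and_), "OR", operator.or_)
    predicate = expr()
    take("END")
    return predicate

ROWS = [  # constructed sample records; keys follow the field names in the examples
    {"query": "office.domain.com", "device": "52.123.4.5", "query_type": "A", "source": "Infoblox Endpoint"},
    {"query": "domain.com", "device": "10.0.0.7", "query_type": "AAAA", "source": "example 1"},
    {"query": "notdomain.com", "device": "52.123.9.9", "query_type": "A", "source": "on-prem"},
]

def run(text, rows=ROWS):
    return [row["query"] for row in filter(compile_query(text), rows)]
```

To use it on an export, load the .csv with `csv.DictReader` and rename the column headers to these keys before passing the rows to `run`.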


call-out C

Filters: The filters that can be applied to a historical data report. The following filters are supported for creating and running a DNS Activity historical data report:

  • Source: The location and type of the device within the network infrastructure. For example, the device can be an on-prem appliance or an endpoint device. To specify the types of records you want to view, select or clear the options available. When you filter by source, the filter drop-down can show no more than 10 sources. A search option is also available. Click Clear, or click the close icon to remove the search parameters from the search field. The Source filter is populated based on the past 30 days of data. Source data is not dependent on the time selection.


Image: The Source pane. 

  • Show: To filter a DNS Activity historical data report by time and date, choose an option from the Show drop-down menu:
    • 1 hour (default time period)
    • 24 hours
    • 48 hours
    • 7 days
    • 1 month
    • Custom: any time span can be selected from the past 60 days

Image: The date/time calendar used to define a custom reporting period.

call-out D

Save: Click Save to save a created report of historical data, including the applied filter and data criteria. In the Name field, provide a name for the new DNS Activity historical data report. Click Save & Close to save the report. To verify that the report has been created, click Load and check the list of created reports in the panel on the left. Alternatively, you can choose to not save the report, by clicking Cancel.

Image: The Add a Name pane.

The name of the newly created DNS Activity historical data report should appear on the list of reports shown in the panel on the left side of the report window.


Image: The Created Reports pane.