DNS Activity Historical Data reporting gives you access to data that goes back 60 days rather than the usual 30 days. Use this feature to create custom reports by configuring queries and filters according to your organization's requirements. Saved reports will be retained for 30 days then deleted from the system automatically.

...

To navigate to DNS Activity historical data reports, do the following:

  1. Log in to the Infoblox Portal.
  2. Click Monitor > Reports > DNS Activity.
  3. On the DNS Activity page, click Historical Data Viewer (see call-out A) to open the DNS Activity Historical Data Reports page. 

...


Image: The Created Reports pane. 

A total of 10 queries can be created and saved, and this includes DNS Activity and Security Activity reports. For example, if you create and save six DNS Activity reports, then you can save at most four additional reports, which can be any combination of DNS Activity and Security Activity reports. Report names that are grayed out are not available for viewing as a DNS Activity historical data query report type and denote that the data generated in the report is based on Security Activity reports. The grayed-out reports are available when you access historical data for Security Activity reports.

To view a report, do the following:

...

  • Background Tasks: Click the hourglass icon to open the side panel displaying a list of all running background tasks.
  • Global Search: In the Search text box, enter the search criteria or value you want to find. 
  • Recent Searches: Click the search icon to perform a global search. The Infoblox Portal displays the list of records that match the keyword in the text box. The search panel shows information you have searched for most recently, such as tools, console messages, and domains.

...

Export: Click Export to download a .csv file containing all records in the current queried report. At most 50,000 data records can be downloaded. The name of the .csv file will reflect the name of the report being queried.
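A way to sanity-check an exported report before analysis, as an added example that is not Infoblox code: it flags an export that reached the 50,000-record limit (and is therefore probably incomplete) and ranks devices by the number of distinct domains queried. The CSV header names and the ISO 8601 timestamp format are assumptions based on the grid column labels on this page; the sample rows are constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

EXPORT_CAP = 50_000  # from the page: at most 50,000 records per export

# Assumption: CSV headers match the grid column labels listed on this page.
REQUIRED = ("DETECTED", "DEVICE NAME", "QUERY")

def summarize_export(csv_text, cap=EXPORT_CAP, top_n=3):
    """Return row count, truncation flag, time span and busiest devices."""
    reader = csv.DictReader(io.StringIO(csv_text))
    missing = [c for c in REQUIRED if c not in (reader.fieldnames or [])]
    if missing:
        raise ValueError(f"export is missing columns: {missing}")

    domains_by_device = defaultdict(set)
    first = last = None
    count = 0
    for row in reader:
        count += 1
        # Assumption: DETECTED is ISO 8601; adjust the parser to the real format.
        seen = datetime.fromisoformat(row["DETECTED"])
        first = seen if first is None or seen < first else first
        last = seen if last is None or seen > last else last
        # DNS names are case-insensitive; a trailing dot is the same name.
        name = row["QUERY"].strip().rstrip(".").lower()
        domains_by_device[row["DEVICE NAME"]].add(name)

    ranked = sorted(domains_by_device.items(),
                    key=lambda kv: (-len(kv[1]), kv[0]))[:top_n]
    return {
        "rows": count,
        # Hitting the cap means the report was probably cut off: narrow the
        # time window or filter and export again before drawing conclusions.
        "possibly_truncated": count >= cap,
        "first_detected": first,
        "last_detected": last,
        "top_devices": [(dev, len(names)) for dev, names in ranked],
    }

# Constructed sample export (not real data).
SAMPLE = """DETECTED,DEVICE NAME,QUERY,QUERY TYPE
2024-05-01T10:00:00,laptop-01,example.com,A
2024-05-01T10:00:05,laptop-01,Example.com.,AAAA
2024-05-01T10:01:00,laptop-01,a1.example.net,A
2024-05-01T10:02:00,printer-07,example.org,A
"""

if __name__ == "__main__":
    print(summarize_export(SAMPLE))
```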

call-out I

Historical Data Report Table: The table displays a list of all historical data records shown for your network according to the query and filtering criteria defined when the report was created. The following information can be viewed in the records table:

  • DETECTED (default grid column): The date and time of the first DNS detection.
  • DNS VIEW: The DNS version data being served.
  • DEVICE COUNTRY: The country where the device is located.
  • DEVICE IP: The IP address of the device responsible for the hit. If you are using Infoblox Endpoint for the Infoblox Grid, then Infoblox Platform will identify the hostname of the Grid Master and display it in this filter. If the NIOS appliance is not running a supported NIOS version, or if this device is a remote site, then Infoblox Platform will capture the IP address (instead of the hostname) of the appliance in this field.
  • DEVICE NAME (default grid column): The device’s name.
  • DEVICE REGION: The region within a geographic area where the device is located.
  • DHCP FINGERPRINT: The unique identifier formed by the values in the DHCP option 55 or 60. This identifier is used to identify the requesting client or device.
  • DOMAIN CATEGORY (default grid column): The domain category is based on a classification matrix, and this allows for a more precise implementation of security policies.
  • MAC ADDRESS: The detected MAC address of the device.
  • OS VERSION: The detected OS version of the device.
  • QUERY (default grid column): The domain that sent the DNS queries.
  • QUERY TYPE (default grid column): The DNS query’s type.
  • RESPONSE (default grid column): The response provided by Infoblox Platform for the malicious hit.
  • RESPONSE COUNTRY: The country where the response originated, based on the information acquired from the public IP address of Infoblox Endpoint.
  • RESPONSE REGION: The region within a geographic area where the response originated. This value is based on the information acquired from the public IP address of Infoblox Endpoint.
  • SOURCE (default grid column): The location of the device within the network infrastructure. For example, the device can be an on-prem appliance or an endpoint device.
  • USER: The user who triggered the hit. For remote offices, the portal displays Unknown.

...

Search: Enter the keyword that you want to search on. The Infoblox Portal will display the list of records that match the keyword.

call-out K

To select the information you want to display, click the triple-bar icon ☰ on the header of table Web Content Categories. To view all information, select all options; alternatively, select only the options you wish to see. To reorder information in the columns, use the up/down arrow associated with each column. For details on information provided by each column, see call-out I.

Viewing DNS Activity Historical Data Report

...

Click View on the Report panel. A total of 10 queries can be created and saved. The 10 saved queries are inclusive of DNS Activity as well as Security Activity reporting. Report names that are grayed out are not available for viewing as a DNS Activity historical data query report type and denote that the data generated in the report is based on Security Activity reports. The grayed out reports are available when you try to access historical data for Security Activity reports.

call-out 4

Click Delete to remove a saved DNS Activity historical data report from the list. A modal window will open and ask you to confirm that you want to delete the report. Deleting a report allows the saving of a new historical data report.


For information on creating a query, see section Creating and Saving a DNS Activity Historical Data Report:

...

  • query=domain.* AND device=52.123*
  • device=office1.domain OR device=office2.domain.com
  • dns_view=example-view AND query_type=A
  • (source='Infoblox Endpoint' OR source="example 1") AND device=52.123*

...

  • Show: To filter a DNS Activity historical data report by time and date, choose an option from the drop-down menu Show:
    • 1 hour (default time period)
    • 24 hours
    • 48 hours
    • 7 days
    • 1 month
    • Custom: any time span from the past 60 days

Image: The date/time calendar used to define a custom reporting period. 

call-out D

Save: Click Save to save a created report of historical data, including the applied filter and data criteria. In the Name field, provide a name for the new DNS Activity historical data report. Click Save & Close. To verify that the report has been created, click Load and check the list of created reports in the panel on the left. Alternatively, choose not to save the report, by clicking Cancel.  

 
Image: The Add a Name pane. 

...