Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

The DNS Activity Report provides comprehensive DNS and traffic data about your networks over a specific time period. To view the DNS Activity Report, navigate to the Reports section in the Cloud Services Portal (Reports -> DNS Activity). The default DNS report displays a bar chart showing the distribution of malicious hits for Source, Devices, and Users throughout your networks over the most recent one hour time span. The default report also lists detailed information about the respective events detected at the bottom of the report in the Events table.

NOTE: Hovering over  on any of the report tabs to learn what data id is displayed within the report. 

Search Tool

The Search Tool is located above the Requests chart on the top, left-hand side of the page. The search data is pulled directly from the server  To use the search tool paste or type in your search terms into  the search field box. Alternatively, by clicking in the search field and typing the first few letters of your search query an option menu listing popular search terms will be displayed. A power search feature utilizing a new, powerful search query language is also supported.

Performing Search Queries

Using the search query language, you can search all records with customized queries. By clicking theicon located next to the search box, the Query Syntax resource window will appear. You can view sample search queries using the new search query syntax as provided in the tool-tip. Using the sample queries provided, you can construct your own queries to better assist in your searches. Refer to the specific sub-report to view the specific search queries applicable for that report.

DNS Reports by Type

At the top action bar, you can view DNS activity by type. DNS activity by type includes the total number of reported DNS hits to your infrastructure as included in the Source, Devices, and Users reports. When filtering by source, the filter drop-down is limited to showing 10 sources. You can also get specific data associated with any one of these DNS activity report types by clicking on its respective link. When you click a link, the corresponding overlay chart for the specific type of DNS report is displayed. For example, when you click DNS, a chart depicting each DNS event will be displayed, providing you with insight into the detected DNS events. This information can help you identify the top DNS events within your networks so you can take appropriate corrective actions. Note that the total number for these fields stay the same regardless of the filtering criteria you have configured for the report.

Time and Date Filtering

Clicking Show, located to the right-hand side of the page below the top Action bar, allows filtering of records by both time and date. The time period displayed can be modified from 1 hour to 1 month. Optionally, by selecting Custom and choosing From and To values, a custom time period can be chosen. You can select a different time frame from the Show drop-down menu. Show options include the following: 

  • 1 hour (default)
  • 24 hours
  • 48 hours
  • 7 days
  • 1 month
  • Custom

When Custom is selected, the following date/time filters appear, allowing further customization of the respective date and time:

  • From: When selected a time dial and calendar appears where a time and date can be selected for the start time/date.
  • To: When selected a time dial and calendar appears where a time and date can be selected for the end time/date. 

Records Refresh

Clickinglocated to the left of the time/date filtering tool, allows you to refresh the records on the page without refreshing and reloading the entire page and losing your in-place filters.

Charts

The charts display all data collected for a specific DNS activity event type. Information in the chart will reflect the type of DNS activity selected, along with the number of threats detected during the span of time indicated in the chart. Each green-colored bar on a Requests chart indicates a specific time interval within the chosen time span displayed. By rolling over each bar, the number of events, the time interval, and the date of the bar are displayed in a tool-tip window. 

 Table

The table, located below the chart displays data collected for the selected DNS activity event type. The default layout is automatically loaded for viewing; however, the table can be customized by adding additional types of report information. To add additional information to a table, click to select and display from the other additional information types listed in the option window. By default, events are displayed in chronological order based on information contained within the Detected column. Each of the columns can be sorted or reverse-sorted by clicking on the header label for the column.  

Located in the bottom-left corner of the table, the total number of table records is displayed. For instance, if there are 57 records available when unfiltered, then the table will display the following: Showing 57 of 57. If only 48 records are available after applying filters, then the table will display the following: Showing 48 of 57. The maximum number of records the UI can display is 10,000. Located in the bottom-right corner of the table the number of pages of records is listed. You can click on a page link to view the records for that page. 

DNS Activity Report Descriptions

The following DNS activity report tab descriptions provide more details specific to each report type:

  • No labels