Manage security analytics

Complete any of these tasks to help you manage the zones and shields where you set up security analytics.

Filter list of zones

You can filter the list of zones on the Security Analytics page based on these criteria:

  • Zone name
  • NXDOMAIN spike detection. You can filter based on whether NXDOMAIN spike detection is enabled, disabled, or in a pending state.
  • Dangling CNAME detection. You can filter based on whether dangling CNAME detection is enabled, disabled, or in a pending state.
  • DNS hijacking detection. You can filter based on whether DNS hijacking detection is enabled.
  • Number of NXDOMAIN spikes in the last 24 hours.
  • Number of dangling CNAMEs
  • Number of hijacked domains.

To filter the list of zones:

  1. In Control Center, go to > DNS SOLUTIONS > Edge DNS. The Zone list page opens.
  2. Click Security analytics.
  3. In the Zone tab, click the filter icon beside the search box. Options to define the filter criteria appear.
  4. In the Property menu, select the data that you want to use for your search. You can select:
    • Zone Name
    • NXDOMAIN spike detection
    • Dangling CNAME detection
    • DNS hijacking detection
    • # NXDOMAIN Spikes (24hrs)
    • # Dangling CNAMEs
    • # Hijacked Domains
  5. In the Action menu, select the operator that you want to use in the search. The options vary depending on the property you select. For example, when you select Zone Name, you can select Match and Does not match for the name you provide. If you select # Dangling CNAMEs as the property, you can select from additional options that are appropriate for a numerical value, such as Less than and Greater than.
  6. In the value field, enter the value that you want to search by.
  7. To add more criteria to your filter, click Add row, and complete steps 4 to 6 for the new criteria.
  8. Click Apply. A filtered view of the zone list appears.

Download CSV with zone security analytics

You can download a CSV that contains this data for each zone:

  • Zone Name
  • Zone Type. Indicates whether it’s a primary or secondary zone.
  • Status of NXDOMAIN spike detection. Indicates whether NXDOMAIN spike detection is enabled.
  • Number of NXDOMAIN spikes
  • Timestamp of last NXDOMAIN spike scan
  • Status of dangling CNAME detection. Indicates whether dangling CNAME detection is enabled.
  • Number of dangling CNAMEs
  • Timestamp of last dangling CNAME scan
  • Status of Zone Protection. Indicates whether related domain detection is enabled. For more information on zone protection, see Monitor and protect zones.
  • Status of Zone Protection report. Indicates whether the related domains report was generated for the zone. For more information, see Monitor and protect zones.
  • Status of DNS hijacking detection. Indicates whether DNS hijacking detection is enabled.
  • Number of hijacked domains.

If you apply a filter to your view on the Security Analytics page, the CSV shows zones in the filtered view.

To download a CSV with zone security analytics:

  1. In Control Center, go to > DNS SOLUTIONS > Edge DNS. The Zone list page opens.
  2. Click Security analytics.
  3. If you want to narrow the list of zones, see Filter list of zones.
  4. Click the download icon. The CSV downloads to the location where your browser saves downloaded files.
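
Once downloaded, the CSV can be triaged offline to list zones that have findings or where a detection is not enabled. The following is an added example, not part of the product or its documentation. The column headers and the Enabled/Disabled/Pending status strings are assumptions based on the field list above; adjust them to match your file.

```python
import csv
import io

# Assumed header names (the page lists the fields, not the exact CSV headers);
# adjust this mapping to match the first row of your downloaded file.
COLS = {
    "zone": "Zone Name",
    "nx_status": "NXDOMAIN Spike Detection",
    "nx_count": "# NXDOMAIN Spikes",
    "cname_status": "Dangling CNAME Detection",
    "cname_count": "# Dangling CNAMEs",
    "hijack_status": "DNS Hijacking Detection",
    "hijack_count": "# Hijacked Domains",
}
# (key prefix in COLS, detection name, noun used when reporting a finding)
DETECTIONS = [("nx", "NXDOMAIN spike detection", "NXDOMAIN spike(s)"),
              ("cname", "dangling CNAME detection", "dangling CNAME(s)"),
              ("hijack", "DNS hijacking detection", "hijacked domain(s)")]

def _count(value):
    """Parse a count cell; blank, missing or non-numeric cells count as 0."""
    try:
        return int(value.strip())
    except (AttributeError, ValueError):
        return 0

def triage(csv_text):
    """Return {zone: [reasons]} for zones with findings or coverage gaps."""
    report = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        reasons = []
        for key, detection, finding in DETECTIONS:
            status = (row.get(COLS[key + "_status"]) or "").strip().lower()
            n = _count(row.get(COLS[key + "_count"]))
            if n > 0:
                reasons.append(f"{n} {finding}")
            if status != "enabled":  # assumed status strings; see COLS note
                reasons.append(f"{detection} is {status or 'unknown'}")
        if reasons:
            report[row[COLS["zone"]]] = reasons
    return report

# Constructed sample export for illustration, not real data.
SAMPLE = """\
Zone Name,Zone Type,NXDOMAIN Spike Detection,# NXDOMAIN Spikes,Dangling CNAME Detection,# Dangling CNAMEs,DNS Hijacking Detection,# Hijacked Domains
example.com,Primary,Enabled,0,Enabled,0,Enabled,0
shop.example.net,Primary,Enabled,3,Disabled,,Enabled,0
legacy.example.org,Secondary,Pending,0,Enabled,2,Disabled,0
"""
```

A zone with a detection in the disabled or pending state is reported even when its counts are zero, because a zero count from a detection that is not running says nothing about the zone.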

Generate and download a zone report

You can generate and download a report that shows the DNS records for a zone and the total number of requests made to a record.

For each zone, the last three reports you generate are saved in Control Center.

To generate and download a zone report:

  1. In Control Center, go to > DNS SOLUTIONS > Edge DNS.
  2. Click Security analytics. A list of zones appears in a table.
  3. If you want to narrow the list of zones, see Filter list of zones.
  4. Click the Actions menu for a zone and select Zone Reports.
  5. In the zone report window, click the calendar icon and select a range of time. You can select any time period that spans 31 days or less.
  6. Click Generate. Control Center generates the CSV report. Depending on the amount of data, the time it takes to generate the report may vary.
  7. When completed, click the download icon to download the report.
  8. Click Close.

View dashboards for a zone

From the Security Analytics page, you can show reports with zone data. You can access these reports from the Infrastructure Security Analytics section of Reports in Control Center. For more information, see Infrastructure Security Analytics in the Reporting documentation.

To view data dashboards for a zone:

  1. In Control Center, go to > DNS SOLUTIONS > Edge DNS.
  2. Click Security analytics.
  3. Click any of the metrics at the top of the page to view a related report.
  4. To view the Infrastructure Security Analytics - Edge DNS Summary report, do one of the following:
    • Select one or more zones from the list.
    • Click DNS Summary Dashboard.
  5. To view more details about a specific zone, you can access the Infrastructure Security Analytics - Edge DNS Zone Details report. Do the following:
    1. Select a zone. If you want to narrow the list of zones, see Filter list of zones.
    2. In the Action menu, select Zone Details Dashboard.

View data on shield traffic

If your organization uses Shield NS53, you can view more data on your shield configuration. This procedure lets you open the Shield NS53 Proxy report that is available from the Edge DNS section of Reports in Control Center. For more information on Shield NS53 reports, see Infrastructure Security Analytics in the Reporting documentation.

To view data on Shield traffic:

  1. In Control Center, go to > DNS SOLUTIONS > Edge DNS.
  2. Click Security analytics.
  3. Click the Shields tab. A list of shields appears.
  4. Click the Actions menu for a shield and select Shield Traffic Dashboard. You are directed to the Shield NS53 Proxy report where you can apply filters to show queries that were blocked and processed by Shield NS53.