Summary of DNS activity

Enterprise Threat Protector provides analytics on DNS activity. On the DNS Summary activity report, you can view graphs with this information:

  • Total Queries: Shows the total number of DNS requests. You can also select to show data in terms of Autonomous System (AS) Name, AUP category, domains, geographical area, query type, source IP address, applications, risk level, or locations.

  • Top Autonomous System Name: Shows the top autonomous system names for DNS responses.

  • Top Domain: Shows the top domains users requested.

  • Top Geo: Shows the top geographical areas where DNS responses originate from.

  • Top Location: Shows the top locations where DNS requests originate from.

  • Top Query Type: Shows the top DNS resource record types for DNS requests.

  • Top AUP Category: Shows the top AUP categories associated with DNS requests.

  • Top Source IP: Shows the top source IP addresses that generated DNS requests.

  • Top Application: Shows the top web applications that are requested.

  • Top Risk: Shows the top risk levels of websites or web applications that are requested.

  • Top Sub-Location: Shows the top sub-locations where DNS requests originate from.

The date or dates selected for the page filter the data that is reported on the DNS Summary tab. You can create a filter that locates DNS activity based on AS Name, Domain, Geo, Location, Query Type, AUP Category, Source IP, risk level, and application. You can also exclude the top 10, 100, 1K, 10K, 100K, or one million websites that Alexa Internet, Inc. publishes as most popular on the internet. This filter is useful for focusing your reports on DNS activity that is potentially harmful to your network.

When viewing graphs, you can hover over parts of them to view total numbers. If you are a delegated or strict delegated administrator, the data on this tab is based on the locations that you created and are allowed to access.

Depending on the information, you can also select different views of the data:

  • For the Total Queries, you can show data in a line or bar graph.

  • For the other data, you can show data in a bar graph, pie chart, or table. You can also download all data into separate spreadsheets. While the DNS Summary tab provides a graphical view of this data, you can download the spreadsheet to view a complete list of data in each of these areas. For more information, see Download a DNS Activity Data Spreadsheet.

The DNS Summary activity report also includes an icon where you can produce a PDF of the page. The PDF shows an image of the page from the point in time when you selected to produce the PDF. For example, the applied filters and graphs are captured in the PDF.

Change the data type in the total DNS activity graph

You can change the data that is reported on the Total DNS queries graph. The following criteria are available:

  • Application
  • AUP Category
  • Autonomous System Name
  • Domain
  • Geo
  • Location
  • Query Type
  • Risk
  • Source IP
  • Sub-Location

By default, the Total graph shows all this data.

To change the data type in the total DNS activity graph:

  1. In the Threat Protection menu of Enterprise Center, select Reports > DNS Summary.

  2. Filter DNS requests by date and time. For more information, see Filter data based on date and time.

  3. For the Total graph, in the menu, select the type of data that you want to view.

Change the data view

In the DNS and Proxy Summary activity reports, you can change the view or graph type of data. In the DNS Summary report, the total queries are reported, while in the Proxy Summary report, the total ETP Proxy transactions are reported. For these totals, you can choose between a line graph and a bar chart. For the other graphs on the page, you can choose to show data in a table, pie chart, or bar graph.

You need to be an ETP administrator or a user with a specific permission to view the Proxy Summary report. For more information, see Roles.

To change the data view:

  1. In the Threat Protection menu of Enterprise Center, select Reports > DNS Summary or Reports > Proxy Summary.

  2. Hover over the graph and select one of the graph or chart type icons that appear.

Filter DNS activity by criteria

You can filter DNS activity by these criteria:

  • Application
  • AUP Category
  • Autonomous System Name
  • Domain
  • Geo or Geographic region
  • Location
  • Query Type
  • Risk
  • Source IP
  • Sub-Location

You can also configure the filter to exclude the top 10, 100, 1K, 10K, 100K, or one million websites that Alexa Internet, Inc. publishes as most popular on the internet. You can choose to exclude this data to focus the report on potentially harmful or malicious websites.

To filter DNS activity by criteria:

  1. In the Threat Protection menu of Enterprise Center, select Reports > DNS Summary.

  2. To filter DNS requests by date and time, see Filter data based on date and time.

  3. At the top of the page, click the filter icon.

  4. Click Add filter dimension.

  5. In the menu, select a criterion. Depending on the criterion you select, you can select or enter a value in the provided field. For example, if you select AUP Category, a menu where you select a category appears. You can select or provide multiple values.

  6. Select whether the filter excludes or includes data based on your criteria, and click OK.

  7. If you want to add more criteria to your filter, click the plus icon and complete steps 5 and 6.

  8. To exclude Alexa data, select Alexa from the list of criteria, and in the provided field, select one of the following to exclude the websites on these lists from your view, and then click OK:

    • Alexa Top 10
    • Alexa Top 100
    • Alexa Top 1K
    • Alexa Top 10K
    • Alexa Top 100K
    • Alexa Top 1M
  9. Click Apply to apply the filter.
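
The include/exclude dimensions and the top-N popularity exclusion described above can be reproduced offline against any DNS log to check what the filter leaves in view. This is an added example, not Akamai code: the record fields, the ranking list, and the sample data are constructed, and ANDing the dimensions together and treating subdomains of a listed site as matches are assumptions.

```python
from collections import Counter

# Constructed popularity ranking, a stand-in for a published top-sites list.
RANKED = ["google.com", "microsoft.com", "akamai.com", "github.com"]

# Constructed DNS records; field names are hypothetical, not an ETP export schema.
RECORDS = [
    {"domain": "www.google.com", "qtype": "A", "src": "10.0.0.5"},
    {"domain": "login.microsoft.com", "qtype": "A", "src": "10.0.0.5"},
    {"domain": "github.com", "qtype": "AAAA", "src": "10.0.0.7"},
    {"domain": "xj3k9q.example-cdn.test", "qtype": "TXT", "src": "10.0.0.9"},
    {"domain": "xj3k9q.example-cdn.test", "qtype": "TXT", "src": "10.0.0.9"},
    {"domain": "updates.example.test", "qtype": "A", "src": "10.0.0.7"},
    # Contains "google.com" as a substring but is not a subdomain of it.
    {"domain": "notgoogle.com.example.test", "qtype": "A", "src": "10.0.0.9"},
]

def normalize(domain):
    return domain.lower().rstrip(".")

def in_top_n(domain, ranked, n):
    """True if domain equals, or is a subdomain of, one of the first n entries."""
    labels = normalize(domain).split(".")
    top = set(ranked[:n])
    # Compare whole label suffixes so substring lookalikes do not match.
    return any(".".join(labels[i:]) in top for i in range(len(labels)))

def matches(rec, dimensions):
    """dimensions: (field, values, mode) tuples, mode 'include' or 'exclude'."""
    for field, values, mode in dimensions:
        hit = rec[field] in values
        if (mode == "include") != hit:
            return False
    return True

def apply_filters(records, dimensions=(), exclude_top_n=0, ranked=RANKED):
    """Keep records passing every dimension and outside the top-N list."""
    return [
        r for r in records
        if matches(r, dimensions)
        and not (exclude_top_n and in_top_n(r["domain"], ranked, exclude_top_n))
    ]

def top_domains(records, limit=10):
    """Rank the remaining domains by query count, like a Top Domain table."""
    return Counter(normalize(r["domain"]) for r in records).most_common(limit)

if __name__ == "__main__":
    for domain, count in top_domains(apply_filters(RECORDS, exclude_top_n=4)):
        print(f"{count:3d}  {domain}")
```
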

Download a DNS activity data spreadsheet

You can download a detailed spreadsheet for a Top section of the report. This operation downloads a comprehensive list of records. The data that is included in a spreadsheet is based on the filters you apply to the DNS Summary report. Each spreadsheet can list a maximum of 10,000 records.

To download a DNS activity data spreadsheet:

  1. In the Threat Protection menu of Enterprise Center, select Reports > DNS Summary.

  2. To filter DNS request data by date and time, see Filter data based on date and time.

  3. To filter DNS request data by criteria, see Filter DNS activity by criteria.

  4. To download a spreadsheet of a top data graph:

    1. Go to one of the top data sections.

    2. If one of the graphs you need is not visible on the page, select the menu icon associated with one of the Top graphs and select the data type you need.

    3. Click the download icon that is located at the top right of the section. If prompted by your browser, save the file to an accessible location on your computer. Otherwise, you can find the file wherever your browser saves downloaded files.

    4. Repeat steps 4a to 4c for the other spreadsheets that you want to download.

Create a PDF of data on the DNS Summary tab

You can create a PDF to capture the data and graphs on the DNS Summary tab. The PDF contains an image of the page.

To create a PDF of data on the DNS Summary tab:

  1. In the Threat Protection menu of Enterprise Center, select Reports > DNS Summary.

  2. Apply the filters and select the graphical views you need for data on the DNS Summary tab.

  3. Click the PDF icon. A PDF with an image of the page is generated. If prompted by your browser to save the PDF, save the file to an accessible location on your computer. Otherwise, you can find the file wherever your browser saves downloaded files.

