Infrastructure Security Analytics reports
Infrastructure Security Analytics reports let you monitor DNS traffic in your zones and provide data on NXDOMAIN responses. If you enable NXDOMAIN spike detection, these reports also inform administrators when a threshold for NXDOMAIN responses has been reached. For more information on NXDOMAIN spike detection, see Set up security analytics.
You can also specifically use the Security Summary Dashboard report to correlate data across other Akamai delivery and security products.
You can access the reports from the REPORTS page. See How to use reports.
The next sections describe the data granularity, filters, graphic visualizations, and metrics associated with each report.
For additional information about these reports, see also Monitor and report on service, traffic, and threats in the Edge DNS user guide help.
Infrastructure Security Analytics - Security Summary report
The Security Summary report is a security analytics report that provides data on DNS traffic, NXDOMAIN responses, and, based on configured thresholds, NXDOMAIN spikes in your selected zone or zones. This report also correlates data to show information on DNS traffic across these delivery and security products: Prolexic, App & API Protector, and Web Security.
Data granularity
This report returns up to 14 days of data.
Filters
- Zone names. Names of the zones to report on. You can select one or more zones.
- Security configuration. Security configuration for App & API Protector.
- Policy domain names. Unique name or tag in a string format that’s used by administrators to refer to policies, rules, entitlements, or configurations. The policy domain name may contain a contract name, product name, or other data.
Graphic visualization and tables
- Edge DNS Traffic. Graph that shows all DNS requests, requests with NXDOMAIN responses, and requests that do not have NXDOMAIN responses.
- Edge Traffic. Graph that shows Edge traffic in bits per second (bps) and packets per second (pps).
- Prolexic Pre-Migration Traffic. Graph that shows Prolexic traffic before it reaches an Akamai scrubbing center in bps and pps.
- App & API Protector Traffic. Graph that shows the number of detected denial-of-service (DoS) attacks, web application firewall (WAF) attacks, and bots.
- NXDOMAIN Spikes. Table that shows NXDOMAIN spikes within a specific zone. The table shows the start and end time of the spike, the duration of the event, the total number of DNS requests, the total number of NXDOMAINs, and the country where the most NXDOMAIN spikes occurred.
- Prolexic Events. Table that shows data on Prolexic events. The table shows the type of event, the severity level of the event, date and time the threat was first and last detected, the configuration where it applies, summary or description of the event, and the affected IP addresses. If the event is considered part of an attack, you can click the Attack event type to view more information in the Routed Events page of Security Center.
- Web Security Alerts. Table that shows Web Security alerts. The table shows the priority of the alert, the name of the alert, the time when the alert started and ended, the filters that were applied, and information on how the alert was triggered. For recent alerts, you can click the alert name to go to the Web Security Analytics page in Security Center to view more information about the alert.
Metrics
- DNS Requests. Total number of DNS requests.
- NXDOMAIN Responses. Total number of NXDOMAIN responses.
- NXDOMAIN Spikes. Number of NXDOMAIN spikes based on configured thresholds. To configure NXDOMAIN spike thresholds, see Enable and configure NXDOMAIN spike detection.
You can click a zone name to view the Infrastructure Security Analytics - NXDOMAIN Spike Details report.
- Prolexic Events. If your organization uses Prolexic, this is the number of Prolexic events.
- Web Security Alerts. If your organization uses Web Security, this is the number of Web Security alerts.
Infrastructure Security Analytics - Edge DNS Summary report
The Edge DNS Summary report is a security analytics report that provides information on DNS requests and NXDOMAIN responses. This report shows the total number of DNS responses, NXDOMAIN spikes, and the percentage of traffic that contained NXDOMAIN responses. It also shows the countries where the most requests and NXDOMAIN responses occurred.
Data granularity
This report returns up to 14 days of data.
Filters
- Zone names. Names of the zones to report on. You can select one or more zones.
Graphic visualization and tables
- Edge DNS Traffic. Graph that shows all DNS requests, requests with NXDOMAIN responses, and requests that do not have NXDOMAIN responses.
- Edge DNS Zones. Table that lists total number of DNS requests, total number of NXDOMAINs, and the percent of DNS traffic that contained NXDOMAINs.
- DNS Requests by Country. Heat map that shows DNS requests based on geographic region.
- NXDOMAIN Responses by Country. Heat map that shows NXDOMAIN responses based on geographic region.
- DNS Requests By Country. Table with data that corresponds to the DNS Requests by Country and NXDOMAIN Responses by Country maps. The table lists the total number of DNS requests and NXDOMAIN responses by country. By default, data is in descending order for DNS requests.
- NXDOMAIN Spikes. Number of NXDOMAIN spikes based on the configured thresholds. To configure NXDOMAIN spike thresholds, see Enable and configure NXDOMAIN spike detection.
You can click a zone name to view the Infrastructure Security Analytics - NXDOMAIN Spike Details report.
Metrics
- Total Requests. Total number of DNS requests.
- Total NXDOMAIN Responses. Total number of NXDOMAIN responses.
- NXDOMAIN Percent. NXDOMAIN responses as a percentage of all DNS hits.
- NXDOMAIN Spikes. Number of NXDOMAIN spikes based on configured thresholds. To configure NXDOMAIN spike thresholds, see Enable and configure NXDOMAIN spike detection.
Infrastructure Security Analytics - Edge DNS Zone Details report
The Edge DNS Zone Details report is a security analytics report that shows data on DNS traffic, NXDOMAIN responses, and, based on configured thresholds, NXDOMAIN spikes in your selected zone or zones. This report shows the countries where most requests and NXDOMAIN responses occurred.
Data granularity
This report returns up to 14 days of data.
Filters
- Zone names. Names of the zones to report on. You can select one or more zones.
Graphic visualization and tables
- Edge DNS Traffic. Graph that shows all DNS requests, requests with NXDOMAIN responses, and requests that do not have NXDOMAIN responses.
- Edge DNS Zones. Table that lists total number of DNS requests, total number of NXDOMAINs, and the percent of DNS traffic that contained NXDOMAINs.
- DNS Requests by Country. Heat map that shows DNS requests based on geographic region.
- NXDOMAIN Responses by Country. Heat map that shows NXDOMAIN responses based on geographic region.
- DNS Requests By Country. Table with data that corresponds to the DNS Requests by Country and NXDOMAIN Responses by Country maps. The table lists the total number of DNS requests and NXDOMAIN responses by country. By default, data is in descending order for DNS requests.
- NXDOMAIN Spikes. Number of NXDOMAIN spikes based on your configured thresholds. To configure NXDOMAIN spike thresholds, see Enable and configure NXDOMAIN spike detection.
You can click a zone name to view the Infrastructure Security Analytics - NXDOMAIN Spike Details report.
Metrics
- Total Requests. Total number of DNS requests.
- Total NXDOMAIN Responses. Total number of NXDOMAIN responses.
- NXDOMAIN Percent. NXDOMAIN responses as a percentage of all DNS hits.
- NXDOMAIN Spikes. Number of NXDOMAIN spikes based on configured thresholds.
To configure NXDOMAIN spike thresholds, see Enable and configure NXDOMAIN spike detection.
Infrastructure Security Analytics - NXDOMAIN Spike Details report
The NXDOMAIN Spike Details report is a security analytics report that provides additional information on NXDOMAIN spikes. When you click a zone name in the Security Analytics, Edge DNS Summary, and Edge DNS Details reports, the NXDOMAIN Spike Details report appears.
Data granularity
This report returns up to 14 days of data.
Filters
- Zone names. Names of the zones to report on. You can select one or more zones.
Graphic visualization and tables
- Edge DNS Traffic. Graph that shows all DNS requests, requests with NXDOMAIN responses, and requests that do not have NXDOMAIN responses.
- DNS Requests by Country. Heat map that shows DNS requests based on geographic region.
- NXDOMAIN Responses by Country. Heat map that shows NXDOMAIN responses based on geographic region.
- DNS Requests By Country. Table with data that corresponds to the DNS Requests by Country and NXDOMAIN Responses by Country maps. The table lists the total number of DNS requests and NXDOMAINs by country. By default, data is in descending order based on the number of DNS requests.
- Most Requested Existing DNS Records. Shows the most requested domains and the total number of requests made to those domains.
- Most Requested Nonexisting DNS Records (Last Day). Shows the most requested NXDOMAIN records and the total number of NXDOMAIN responses from the last 24 hours.
Metrics
- Total Requests. Total number of DNS requests.
- Total NXDOMAIN Responses. Total number of NXDOMAIN responses.
- NXDOMAIN Percent. NXDOMAIN responses as a percentage of all DNS hits.
- Peak Requests/Sec. Maximum (peak) DNS hits per second.
- Peak NXDOMAIN Responses/Sec. Maximum (peak) NXDOMAIN responses per second.