Filter DNS activity by criteria

You can filter DNS activity by the following criteria:

  • Autonomous System Name
  • Domain
  • Geo or Geographic region
  • Location
  • Query Type
  • Acceptable Use Policy (AUP) Category
  • Source IP

You can also configure the filter to exclude the top 10, 100, 1K, 10K, 100K, or one million websites that Alexa Internet, Inc. publishes as most popular on the internet. You can choose to exclude this data to focus the report on potentially harmful or malicious websites.

How to

  1. In the navigation menu, select Monitoring > Activity. Click the DNS Summary tab.
    Note: If you are trying the new Enterprise Center interface, in the navigation menu, select Threat Analytics > Activity > DNS Summary.
  2. To filter DNS requests by date and time, see Filter data based on date and time.
  3. At the top of the page, click the filter icon or in the filter menu, select Open Filter Editor.
  4. In the menu, select a criterion. Depending on the criterion you select, you can select or enter a value in the provided field. For example, if you select AUP Category, a menu where you select a category appears. You can select or provide multiple values.
  5. Select whether the filter excludes or includes data based on your criteria:
    • Select In to include the specified data in the filtered results.
    • Select Not In to exclude the specified data in the filtered results.
  6. If you want to add more criteria to your filter, click the plus icon and complete steps 5 and 6.
  7. To exclude Alexa data, select Alexa from the list of criteria, and in the provided field, select one of the following to exclude the websites on these lists from your view:
    • Alexa Top 10
    • Alexa Top 100
    • Alexa Top 1K
    • Alexa Top 10K
    • Alexa Top 100K
    • Alexa Top 1M
  8. Click Apply to apply the filter.