Filter DNS activity by criteria

You can filter DNS activity by the following criteria:

  • Application
  • Acceptable Use Policy (AUP) Category
  • Autonomous System Name
  • Domain
  • Geo or Geographic region
  • Location
  • Query Type
  • Risk
  • Source IP
  • Sub-Location

You can also configure the filter to exclude the top 10, 100, 1K, 10K, 100K, or one million websites that Alexa Internet, Inc. publishes as most popular on the internet. You can choose to exclude this data to focus the report on potentially harmful or malicious websites.

How to

  1. In the Enterprise Center navigation menu, select Threat Analytics > Activity > DNS Summary.
  2. To filter DNS requests by date and time, see Filter data based on date and time.
  3. At the top of the page, click the filter icon.
  4. Click Add filter dimension.
  5. In the menu, select a criterion. Depending on the criterion you select, you can select or enter a value in the provided field. For example, if you select AUP Category, a menu where you select a category appears. You can select or provide multiple values.
  6. Select whether the filter excludes or includes data based on your criteria, and click OK.
  7. If you want to add more criteria to your filter, click the plus icon and complete steps 5 and 6.
  8. To exclude Alexa data, select Alexa from the list of criteria, and in the provided field, select one of the following to exclude the websites on these lists from your view, and then click OK:
    • Alexa Top 10
    • Alexa Top 100
    • Alexa Top 1K
    • Alexa Top 10K
    • Alexa Top 100K
    • Alexa Top 1M
  9. Click Apply to apply the filter.