In the DNS Activity report, you can search
for DNS traffic that’s directed to ETP. Data appears based on applied filters and the
dimension or criteria you select. Search functionality is available to locate specific
data in the list of activity. You must be an ETP super
administrator or a user with a specific permission to view the DNS Activity report.
For more information, see Enterprise Threat Protector roles.
How to
-
In the navigation menu, select
. Click the DNS Activity
tab.
Note: If you are trying the new
Enterprise Center interface, in the navigation menu, select .
-
To filter data based on date and time, see Filter data based on date and time.
-
To configure and apply a filter, see Configure and apply a filter.
-
Select a dimension or criteria to define what data is shown.
-
In the search field provided for grouped values, enter the dimension or
criteria value. For example, if you select to show data based on domain, this
means that events are grouped by domain. In this case, you would enter a
domain.
-
To search all connections associated with the dimension you selected, click the
arrow icon for all filtered connections. For example, if you selected Source IP
as a dimension, the All Source IPs group is available and includes all source IP
addresses for all connections. All connection information appears in a table
format. Go to step 8.
-
To search for a specific event that is part of a dimension group, click the
arrow icon associated with the dimension value. For example, if events are
grouped by source IP address, this action shows connections that are associated
with a specific IP address. A list of connections appear in a table
format.
-
In the provided search field, enter a data value that is associated with the
connection. For example, you can enter the location, connection start time, end
time, and more. The value you search for should match a value in one of the
table columns.