Search for DNS traffic

In the DNS Activity report, you can search for DNS traffic that’s directed to ETP. The data shown depends on the filters you apply and the dimension or criteria you select. You can then search the list of activity to locate specific data.

You must be an ETP administrator or a user with a specific permission to view the DNS Activity report. For more information, see Enterprise Threat Protector roles.

How to

  1. In the Enterprise Center navigation menu, select Threat Analytics > Activity > DNS Activity.
  2. To filter data based on date and time, see Filter data based on date and time.
  3. To configure and apply a filter, see Configure and apply a filter.
  4. Select a dimension or criteria to define what data is shown.
  5. In the search field provided for grouped values, enter the dimension or criteria value. For example, if you choose to show data by domain, events are grouped by domain, so you would enter a domain.
  6. To search all connections associated with the dimension you selected, click the arrow icon for all filtered connections. For example, if you selected Source IP as a dimension, the All Source IPs group is available and includes all source IP addresses for all connections. All connection information appears in a table format. Go to step 8.
  7. To search for a specific event that is part of a dimension group, click the arrow icon associated with the dimension value. For example, if events are grouped by source IP address, this action shows connections that are associated with a specific IP address. A list of connections appears in a table format.
  8. In the provided search field, enter a data value that is associated with the connection. For example, you can enter the location, connection start time, end time, and more. The value you search for should match a value in one of the table columns.