DNS activity

The DNS Activity report provides data on all DNS activity that’s directed to ETP or ETP Proxy. While the Summary of DNS Activity report shows the top DNS requests based on dimensions like domain, location, and more, the DNS Activity report shows more detailed data on traffic, such as the applied policy action or the internal client IP address associated with traffic.
Note: You must be an ETP super administrator or a user with a specific permission to view the DNS Activity report. For more information, see Enterprise Threat Protector roles.
Report viewers or administrators can:
  • Investigate suspicious activity
  • Review requests made to a specific domain
  • Check activity from a specific client internal IP address or machine name
  • Troubleshoot a failed request based on connection ID or client request ID
The organization of activity data is similar to event data. When navigating this tab:
  • Any applied date or data filter defines the data that is shown. You can filter data based on the selected date or date range, the time of day you enter, the area you select in the Time graph, and the actual filters applied to data on the page. You can create a filter where you include or exclude data from the view.
  • Data that appears on the DNS Activity report is defined by the selected dimension.
    • The Top 6 area lists the top 6 data values for the selected dimension. For example, if you select the Location dimension, the Top 6 Locations are listed.
    • Activity data is grouped by the selected dimension. For example, if you select the Location dimension, this data is organized by specific locations. You can expand a specific location to view the associated activity.
  • You can perform the following actions on this page:
    • View activity details. If you select the information icon beside the activity data, more details appear in a separate window.
    • Add data to the filter. You can decide to exclude or include data in the filter.
    • View the Indicators of Compromise (IOC) details for a requested domain. When viewing events based on domain, you can click the information icon and the IOC Details appear in a separate window.