DNS activity dimensions
You must be an ETP super administrator or a user with a specific permission to view the DNS Activity report. For more information, see Enterprise Threat Protector roles.
| Dimension | Description |
|---|---|
| Location | ETP location where the traffic originated from. |
| Domain | Domain requested by the user. |
| Source IP | IP address of traffic. This is likely the IP address that’s assigned to a location as a result of Network Address Translation (NAT). |
| Action | Policy action that was applied to traffic. |
| Policy | Policy that was applied to the activity. |
| Autonomous System Name | A unique identifier for a network. |
| Query Type | DNS resource record type associated with the request. |
| Resolved IP | IP address that’s resolved from a domain name. |
| On Ramp Type | If traffic is directed to ETP Proxy, this dimension
indicates the type of proxy that applies. This field may show these
values:
|
| Internal Client IP | Internal IP address of the user’s machine. |
| Internal Client Name | Internal client name of machine that’s detected by DNS Forwarder. |
| Client Request ID | Universally unique identifier (UUID) of ETP Client that’s installed on the machine. |
| Machine Name | If activity is detected off the corporate network or ETP Client directs traffic to ETP Proxy, this dimension identifies the ETP Client host or machine name. |
| Application | Shows the application name related to the DNS activity. This data is available if your organization is participating in the beta for application visibility and control (AVC). |
| Risk | Shows the risk associated with the DNS activity. This data is available if your organization is participating in the beta for application visibility and control (AVC). |
| Security Connector | Name of Security Connector that’s directing DNS traffic to ETP. |