DNS activity dimensions

These dimensions are available on the DNS Activity report. You can organize data based on these dimensions.

You must be an ETP super administrator or a user with a specific permission to view the DNS Activity report. For more information, see Enterprise Threat Protector roles.

Dimension Description
Location ETP location where the traffic originated from.
Domain Domain requested by the user.
Source IP IP address of traffic. This is likely the IP address that’s assigned to a location as a result of Network Address Translation (NAT).
Action Policy action that was applied to traffic.
Policy Policy that was applied to the activity.
Autonomous System Name A unique identifier for a network.
Query Type DNS resource record type associated with the request.
Resolved IP IP address that’s resolved from a domain name.
On Ramp Type If traffic is directed to ETP Proxy, this dimension indicates the type of proxy that applies. This field may show these values:
  • If traffic is directed to the selective proxy, DNS appears.
  • If traffic is directed to the full web proxy, web appears.
  • If traffic is directed to the proxy as a result of the ETP Client, etp_client appears.
Internal Client IP Internal IP address of the user’s machine.
Internal Client Name Internal client name of machine that’s detected by DNS Forwarder.
Client Request ID Universally unique identifier (UUID) of ETP Client that’s installed on the machine.
Machine Name If activity is detected off the corporate network or ETP Client directs traffic to ETP Proxy, this dimension identifies the ETP Client host or machine name.
Application Shows the application name related to the DNS activity. This data is available if your organization is participating in the beta for application visibility and control (AVC).
Risk Shows the risk associated with the DNS activity. This data is available if your organization is participating in the beta for application visibility and control (AVC).
Security Connector Name of Security Connector that’s directing DNS traffic to ETP.