DNS activity dimensions

These dimensions are available on the DNS Activity report. You can organize data based on these dimensions.

You must be an ETP super administrator or a user with a specific permission to view the DNS Activity report. For more information, see Enterprise Threat Protector roles.

Dimension Description
Location ETP location where the traffic originated from.
Domain Domain requested by the user.
Source IP IP address of traffic. This is likely the IP address that’s assigned to a location as a result of Network Address Translation (NAT).
Action Policy action that was applied to traffic.
Policy Policy that was applied to the activity.
Autonomous System Name A unique identifier for a network.
Query Type DNS resource record type associated with the request.
Resolved IP IP address that’s resolved from a domain name.
Category Acceptable Use Policy (AUP) category assigned to the traffic.
On Ramp Type If traffic is directed to ETP Proxy, this dimension indicates the type of proxy that applies. This field may show these values:
  • If traffic is directed to the selective proxy, DNS appears.
  • If traffic is directed to the full web proxy, web appears.
  • If traffic is directed to the proxy as a result of the ETP Client, etp_client appears.
Internal Client IP Internal IP address of the user’s machine.
Client Request ID Universally unique identifier (UUID) of ETP Client that’s installed on the machine.
Machine Name If activity is detected off the corporate network or ETP Client directs traffic to ETP Proxy, this dimension identifies the ETP Client host or machine name.
Security Connector Name of Security Connector that’s directing DNS traffic to ETP.