DNS activity dimensions

These dimensions are available on the DNS Activity report. You can organize data based on these dimensions.

You must be an ETP administrator or a user with a specific permission to view the DNS Activity report. For more information, see Enterprise Threat Protector roles.

Dimension Description
Location ETP location where the traffic originated from.
Domain Domain requested by the user.
Source IP IP address of traffic. This is likely the IP address that’s assigned to a location as a result of Network Address Translation (NAT).
Action Policy action that was applied to traffic.
Policy Policy that was applied to the activity.
Autonomous System Name A unique identifier for a network.
Query Type DNS resource record type associated with the request.
Resolved IP IP address that’s resolved from a domain name.
On Ramp Type If traffic is directed to ETP Proxy, this dimension indicates the type of proxy that applies. This field may show these values:
  • If traffic is directed to the selective proxy, DNS appears.
  • If traffic is directed to the full web proxy, web appears.
  • If traffic is directed to the proxy as a result of the ETP Client, etp_client appears.
Internal Client IP Internal IP address of the user’s machine.
Internal Client Name Internal client name of machine that’s detected by DNS Forwarder.
Client Request ID Universally unique identifier (UUID) of ETP Client that’s installed on the machine.
Device Name If activity is detected off the corporate network or ETP Client directs traffic to ETP Proxy, this dimension identifies the ETP Client host or device name.
Device Owner Owner of the device. This is the username or email address of the user who activates ETP Client on their device. This username or email address is associated with the device in ETP reports.
Application For application visibility and control (AVC), shows the application name related to the DNS activity. For more information, see Application visibility and control.
Risk For application visibility and control (AVC), shows the risk associated with the DNS activity. For more information, see Application visibility and control.
Security Connector Name of Security Connector that’s directing DNS traffic to ETP.
Sub-Location Indicates the sub-location where the event originated from.