DNS activity dimensions
You must be an ETP super administrator or a user with a specific permission to view the DNS Activity report. For more information, see Enterprise Threat Protector roles.
Dimension | Description |
---|---|
Location | ETP location where the traffic originated from. |
Domain | Domain requested by the user. |
Source IP | IP address of traffic. This is likely the IP address that’s assigned to a location as a result of Network Address Translation (NAT). |
Action | Policy action that was applied to traffic. |
Policy | Policy that was applied to the activity. |
Autonomous System Name | A unique identifier for a network. |
Query Type | DNS resource record type associated with the request. |
Resolved IP | IP address that’s resolved from a domain name. |
On Ramp Type | If traffic is directed to ETP Proxy, this dimension
indicates the type of proxy that applies. This field may show these
values:
|
Internal Client IP | Internal IP address of the user’s machine. |
Internal Client Name | Internal client name of machine that’s detected by DNS Forwarder. |
Client Request ID | Universally unique identifier (UUID) of ETP Client that’s installed on the machine. |
Machine Name | If activity is detected off the corporate network or ETP Client directs traffic to ETP Proxy, this dimension identifies the ETP Client host or machine name. |
Application | Shows the application name related to the DNS activity. This data is available if your organization is participating in the beta for application visibility and control (AVC). |
Risk | Shows the risk associated with the DNS activity. This data is available if your organization is participating in the beta for application visibility and control (AVC). |
Security Connector | Name of Security Connector that’s directing DNS traffic to ETP. |