Summary of DNS activity

Enterprise Threat Protector provides analytics on DNS activity. On the DNS Summary activity report, you can view graphs with the following information:

  • Total Queries: Shows the total number of DNS requests. You can also select to show data in terms of Autonomous System (AS) Name, AUP category, domains, geographical area, query type, source IP address, applications, risk level, or locations.
  • Top Autonomous System Name: Shows the top autonomous system names for DNS responses.
  • Top Domain: Shows the top domains users requested.
  • Top Geo: Shows the top geographical areas where DNS responses originate from.
  • Top Location: The top locations where DNS requests originate from.
  • Top Query Type: Shows the top DNS resource record types for DNS requests.
  • Top AUP Category: Shows the top Acceptable Use Policy (AUP) categories associated with DNS requests.
  • Top Source IP. Shows the top source IP addresses that generated DNS requests.
  • Top Application. Shows the top web applications that are requested.
  • Top Risk. Shows the top risk levels of websites or web applications that are requested.
  • Top Sub-Location. Shows the top sub-locations where DNS requests originate from.

The selected date or dates for the page filters the data that is reported on the DNS Summary tab. You can create a filter that locates DNS activity based on AS Name, Domain, Geo, Location, Query Type, AUP Category, Source IP, risk level, and application. You can also exclude the top 10, 100, 1K, 10K, 100K, or one million websites that Alexa Internet, Inc. publishes as most popular on the internet. This is a useful filter to focus your reports on DNS activity that may be potentially harmful to your network.

When viewing graphs, you can hover over parts of them to view total numbers. If you are a delegated or tenant administrator, the data on this tab is based on the locations you created and you are allowed to access.

Depending on the information, you can also select different views of the data:

  • For the Total Queries, you can show data in a line or bar graph.
  • For the other data, you can show data in a bar graph, pie chart, or table. You can also download all data into separate spreadsheets. While the DNS Summary tab provides a graphical view of this data, you can download the spreadsheet to view a complete list of data in each of these areas. For more information see Download a DNS Activity Data Spreadsheet.

The DNS Summary activity report also includes an icon where you can produce a PDF of the page. The PDF shows an image of the page from the point in time when you selected to produce the PDF. For example, the applied filters and graphs are captured in the PDF.