11-24-2021 07:23 AM - edited 11-24-2021 08:58 AM
Attached is the XML code necessary to produce the DNS Client Query Analysis Dashboard within the Infoblox Reporting & Analytics solution. The purpose of this dashboard is to answer two basic questions often asked in a security context:
1. What clients have queried a given FQDN?
2. What FQDNs has a given source IP looked up?
Both of those questions can be answered quickly using this dashboard. The top half of the dashboard provides a view of source IP addresses listed by queried FQDN. The bottom half provides a view of all FQDNs queried in the requested timeframe, listed by source IP. Below are some screenshots showing a search for a domain name and a search for a specific source IP. Note that the domain name search applies only to the top half of the dashboard and the source IP search applies only to the bottom half, so the two can be filtered independently.
REQUIREMENT: This dashboard requires that you are using the Infoblox Data Connector in conjunction with NIOS query capture and that you are forwarding the query capture data to the Reporting Member.
INSTALLATION: To install and run this dashboard:
- Click Reporting -> Dashboards -> Create New Dashboard
- Enter a temporary value for Title (this will be overwritten in a subsequent step) -> click Create Dashboard
- Click Source or Edit Source (depending on the NIOS version you are running)
- Copy the entire contents of the attached XML and use it to completely replace the XML source of the newly created Dashboard
- Optionally change the value of the <label> and <description> tags at the top of the XML. By default the Dashboard will be called "DNS Client Query Analysis Dashboard".
- Click Save