DNS Firewall report that captures and counts hits by 2nd-level domain



This dashboard captures the 2nd-level domain name in the DNS firewall messages and counts them. Useful in pre-implementation to gauge the effect of blocking mode and in production to see if a particular threat by domain name is present.

L2 Domain Blocked on DNS Firewall.png


Dashboard XML


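<form>
  <!-- The form/row/panel/table/search wrappers and the $datetime$ time binding are assumed standard Simple XML -->
  <label>L2 Domain Blocked on DNS Firewall</label>
  <fieldset submitButton="false" autoRun="true">
    <input type="time" token="datetime">
    </input>
  </fieldset>
  <row>
    <panel>
      <table>
        <search>
          <query>index=ib_dns_summary source="si-search-dns-rpz-hits"
| rex field=DOMAIN_NAME "^.*(\.|^)(?&lt;l2domain&gt;[^\.]+\..*)"
| table l2domain, TOTAL_COUNT
| stats sum(TOTAL_COUNT) as Matches by l2domain
| sort by Matches desc</query>
          <earliest>$datetime.earliest$</earliest>
          <latest>$datetime.latest$</latest>
        </search>
        <option name="wrap">true</option>
        <option name="rowNumbers">false</option>
        <option name="drilldown">cell</option>
        <option name="dataOverlayMode">none</option>
        <option name="count">10</option>
      </table>
    </panel>
  </row>
</form>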
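To see how the dashboard's rex pattern groups names before relying on the counts, the following added example (not part of the original post) replays the same regular expression and the `stats sum(TOTAL_COUNT) ... by l2domain` step in Python. The sample rows are constructed, and the named group is written `(?P<l2domain>...)` because Python's `re` module uses that spelling. It also covers inputs the post does not discuss: multi-label suffixes such as `co.uk`, names with a trailing dot, and single-label names.

```python
import re
from collections import Counter

# Python spelling of the dashboard's rex pattern: (?<name>...) becomes (?P<name>...).
L2_REX = re.compile(r"^.*(\.|^)(?P<l2domain>[^\.]+\..*)")

# Constructed sample rows (DOMAIN_NAME, TOTAL_COUNT); not real RPZ hit data.
SAMPLE_ROWS = [
    ("www.bad.example", 5),
    ("cdn.a.bad.example", 7),
    ("bad.example", 1),
    ("login.example.co.uk", 4),   # unrelated names under co.uk ...
    ("mail.sample.co.uk", 2),     # ... end up in the same bucket
    ("tracker.test.", 3),         # trailing dot shifts the capture to "test."
    ("localhost", 9),             # no dot: the pattern does not match
]


def l2domain(name):
    """Return what the rex captures, or None when the pattern does not match."""
    m = L2_REX.search(name)
    return m.group("l2domain") if m else None


def matches_by_l2domain(rows):
    """Sum TOTAL_COUNT per captured l2domain, largest total first."""
    totals = Counter()
    for name, count in rows:
        key = l2domain(name)
        if key is not None:  # stats ... by skips events where the by-field is null
            totals[key] += count
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)


if __name__ == "__main__":
    for domain, matches in matches_by_l2domain(SAMPLE_ROWS):
        print(f"{domain:15} {matches}")
```

A `co.uk` or `test.` row in the report therefore stands for several distinct registrable domains, and hits on single-label names are not counted at all.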





