Top DNS clients per FQDN

DBrown_1
Techie
Posts: 3

Hello:

I would like to create a report so I can drill down to find out which clients are sending queries to my "Top NXDomain" and "Top Timed-out Recursive" FQDNs. I can't seem to find an index that has both client and source data.

This would be very useful for cases where people see tens or hundreds of thousands of NXDomain or timed-out recursive hits - the next question is always "who is making all those queries?"

To simplify, I think a "Top 10 clients" report based on a FQDN filter would do the trick, if such a thing is possible.

Thank you.

Re: Top DNS clients per FQDN

Adviser
Posts: 81

Hello,

You can do a simple report that lists Top timeout, relying on index=ib_dns_summary report=si_top_timeout_queries

and then a drilldown that triggers a search on sourcetype=ib:dns:capture index=ib_dns_capture selected_domain

Note that you must use the query capture and data connector to log all DNS queries and responses.

Regards

Nicolas
