Infoblox’s global team of threat hunters uncovers a DNS operation with the ability to bypass traditional security measures and control the Great Firewall of China. Read about “Muddling Meerkat” and the many other threat actors discovered by Infoblox Threat Intel here.

NIOS DNS DHCP IPAM

Reply

EA-Record who created a resource record

Adviser
Posts: 51
2838     0

Is there a method for identifying a username tied to the creation of an A, PTR, CNAME, etc record?  Ideally would like to populate an EA with this data.  Is this possible?

Re: EA-Record who created a resource record

[ Edited ]
Authority
Posts: 18
2839     0

If a record is created by an admin or an API script, the audit logs on GM will contain the account used for the action.

 

If the record is created by DDNS instead, the Zone Primary member's syslogs will have the IP address from which it got the update or the key used by the updater.

 

Hope that helps!

Re: EA-Record who created a resource record

Adviser
Posts: 51
2839     0

@jrajan wrote:

If a record is created by an admin or an API script, the audit logs on GM will contain the account used for the action.

 


I was hoping to be able to somehow capture this info.  Take the account from the audit log and add to an EA. This will allow us to track, within IPAM, who either created or last updated a record.

Showing results for 
Search instead for 
Did you mean: 

Recommended for You

Businesses are investing heavily into securing company resources from cyber-attacks form cybercrimin