- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
DNS Client Query Analysis Dashboard
[ Edited ]- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-24-2021 07:23 AM - edited 11-24-2021 08:58 AM
Attached is the XML code necessary to produce the DNS Client Query Analysis Dashboard within the Infoblox Reporting & Analytics solution. The purpose of this dashboard is to answer two basic questions often asked in a security context:
1. What clients have queried a given FQDN?
2. What FQDNs has a given source IP looked up?
Both of those questions can be answered quickly using this dashboard. The top half of the dashboard provides a view of source IP addresses listed by queried FQDN. The bottom half provides a view of all FQDNs queried in the requested timeframe listed by source IP. Below are some screenshots showing searches for a domain name, and for a specific source IP. It should be noted that the domain name search only applies to the top half of the dashboard, and the source IP search only applies to the bottom half of the dashboard, allowing the two to be filtered independently.
REQUIREMENT: This dashboard requires that you are using the Infoblox Data Connector in conjunction with NIOS query capture and that you are forwarding the query capture data in to the Reporting Member.
INSTALLATION: To install and run this dashboard:
- Click Reporting -> Dashboards -> Create New Dashboard
- Enter a temporary value for Title (this will be overwritten in a subsequent step) -> click Create Dashboard
- Click Source or Edit Source (depending on the NIOS version you are running)
- Copy the entire contents of the XML attached and completely replace the XML source of the newly created Dashboard
- Optionally change the value of the <label> and <description> tags at the top of the XML. By default the Dashboard will be called "DNS Client Query Analysis Dashboard".
- Click Save
Re: DNS Client Query Analysis Dashboard
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-22-2023 10:30 AM
I followed your article step by step but even for google.com I have No result found.
I tried few other built in reports and non of them shows any data. Only search comes with any result. Any idea what is wrongly configured?
Thanks,
A.
Re: DNS Client Query Analysis Dashboard
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-22-2023 10:57 AM
If you are not seeing data in this report, I would first ask whether or not you have enabled query capture to a Cloud Data Connector that is configured to send the query capture data to your reporting server. You mentioned missing data in other reports, which could mean that you don't have the indexing set up properly in your Grid reporting properties or that the reporting service isn't running on members that would produce the data.
Re: DNS Client Query Analysis Dashboard
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-14-2023 10:32 AM
In my case the ib:dns:capture has the last update in 5/27/19 11:18:30.000 PM. Looks like that something change in this date.
Re: DNS Client Query Analysis Dashboard
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-14-2023 01:31 PM
Is query capture enabled and is the CDC configured to send it to the reporting member? If not, that is your issue.
Re: DNS Client Query Analysis Dashboard
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-18-2024 07:34 AM
Hi Ross,
Still working for you without changing the fields src_ip and query? For me that fields had being changed. I'm using 9.0 NIOS version.
Re: DNS Client Query Analysis Dashboard
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-21-2024 01:47 PM
Leticia,
I haven't tried it in a grid running NIOS 9 yet. I'd love to know what you found that changed between 8.6 and 9 that required intervention.