DNS Client Query Analysis Dashboard

[ Edited ]
Posts: 9
417     0

Attached is the XML code necessary to produce the DNS Client Query Analysis Dashboard within the Infoblox Reporting & Analytics solution.  The purpose of this dashboard is to answer two basic questions often asked in a security context:


1. What clients have queried a given FQDN?

2. What FQDNs has a given source IP looked up?


Both of those questions can be answered quickly using this dashboard.  The top half of the dashboard provides a view of source IP addresses listed by queried FQDN.  The bottom half provides a view of all FQDNs queried in the requested timeframe listed by source IP.  Below are some screenshots showing searches for a domain name, and for a specific source IP.  It should be noted that the domain name search only applies to the top half of the dashboard, and the source IP search only applies to the bottom half of the dashboard, allowing the two to be filtered independently.


REQUIREMENT:  This dashboard requires that you are using the Infoblox Data Connector in conjunction with NIOS query capture and that you are forwarding the query capture data in to the Reporting Member.


INSTALLATION:  To install and run this dashboard:

  1. Click Reporting -> Dashboards -> Create New Dashboard
  2. Enter a temporary value for Title (this will be overwritten in a subsequent step) -> click Create Dashboard
  3. Click Source or Edit Source (depending on the NIOS version you are running)
  4. Copy the entire contents of the XML attached and completely replace the XML source of the newly created Dashboard
  5. Optionally change the value of the <label> and <description> tags at the top of the XML.  By default the Dashboard will be called "DNS Client Query Analysis Dashboard".
  6. Click Save


Searching by domain nameSearching by domain nameSearching by client IPSearching by client IP

Showing results for 
Search instead for 
Did you mean: 

Recommended for You