DNS insights - BlueCat Edge - Service Point v4.x.x

BlueCat Edge User Guide

Locale
English
Product name
BlueCat Edge
Version
Service Point v4.x.x

The DNS Insights page displays graphical analysis of all queries that have been received through the service points during the last 7 days. The information is displayed as an aggregate of domains, policies, policy actions, threat indicators, source IPs, protocols, query types, response codes, sites, and namespaces.

In the BlueCat Edge window, click . From the DNS activity page, select the Insights tab. The DNS Insights tab displays the following information:

Time Range Displays the range of time in which the information was gathered.
Query Count Displays the number of queries that were received during the specified time range.

DNS query information is represented in the following graphs:

Domains Displays the number of queries that were received for a single domain and a summary of the number of domains that were queried by multiple Source IPs (if the number of domains shown for a group of Source IPs is greater than 1).
Policies Displays the number of queries that were processed by each policy.
Actions Displays the different policy actions that were performed on each query, including the number of queries that were processed using each action.
Threat Indicators Displays the different threat indicators that the queries were categorized.
Source IPs Displays the IP addresses of different sources that requested the queries.
Protocols Displays the different protocols, such as UDP and TCP, that were used by the queries including the number of queries that used each protocol.
Query Types Displays the different record types that were requested by the queries.
Response Codes Displays the number of response codes that were returned by the queries.
Sites Displays the number of queries that were received by the different sites.
Namespaces Displays the number of queries that were received in each namespace.

Filtering queries using DNS Insights graphs

  1. Select one or more sections within the DNS Insights graphs to populate the command bar with filters. The other DNS Insights graphs will react to previous selections made.
    Note: You can clear a filter selection by clicking on the selection again.
  2. Click the Query logs tab to filter queries in the DNS Activity page.