Search, Filter, and Export Securd DNS Logs
Each Securd "company" has a private log data store where detailed DNS and web activity logs are recorded in real-time. Users can search and analyze logs to investigate incidents and to hunt threats.
Search and Filter DNS Logs
Under the "Traffic Logs" section, you can build complex filters to isolate log records. Your query is summarized in charts, and the detailed log records are listed below the summary charts. Click "New filter condition" to add a condition to your filter, and click the "x" on a filter item to remove that condition. Press "Submit" to run the query and update your results.
Log entries are in the following format:
Time: UTC time of request.
Action: Label indicating whether the request was allowed or denied.
Reason: Policy component that allowed or denied the request.
Source: The client IP address of the request.
DNS Server: The target DNS server processing the request.
Direction: The direction of the request.
Query Name: The host name being queried.
Query Type: The type of DNS record query.
Protocol: The DNS protocol being used in the query.
Domain Rank: The DigitalStakeout domain rank of the query.
Context: The context of what Securd process blocked or allowed the query.
Event: Whether the asset query is a new or a repeat query.
TTL: Time to live of the response of the query.
Answer Name: The answer name of the query.
Record Type: The type of record returned in the query.
Response Data: The response data that returned with the query.
AS Number: The target AS Number of the resolved IP of the response.
AS Name: The target AS Name of the resolved IP of the response.
City: The city of the resolved IP of the response.
Country: The country of the resolved IP of the response.
Exporting DNS Logs
To export the logs from your query, simply click on the export button on the right hand side of the traffic log table. Your logs will be exported into a JSON file in Securd log format.
Note: You can export fewer than 10,000 log entries at a time.
If you require access to all of your logs, use the real-time log forwarding feature instead of exporting.
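The following is an added example, not Securd's own code or export format, showing how the filter conditions described under "Search and Filter DNS Logs" can be applied offline to an exported JSON file and how to notice when an export hit the size cap noted above. The sample records are constructed, and the JSON key names (lower-case forms of the field labels listed in this article, such as query_name and response_data) are an assumption; adjust them to match the keys in your actual export.

```python
import json
from collections import Counter
from datetime import datetime

# Exports are capped below 10,000 entries (see the note above), so a file that
# reaches the cap has probably lost records.
EXPORT_CAP = 10_000

# Constructed sample export. ASSUMPTION: key names mirror the field labels in
# this article; the real Securd export may use different keys.
SAMPLE_EXPORT = json.dumps([
    {"time": "2024-05-01T12:00:00Z", "action": "allowed", "reason": "default-policy",
     "source": "192.0.2.10", "dns_server": "resolver-1", "direction": "outbound",
     "query_name": "www.example.com", "query_type": "A", "protocol": "DoH",
     "domain_rank": 120, "context": "policy", "event": "repeat", "ttl": 300,
     "answer_name": "www.example.com", "record_type": "A",
     "response_data": "198.51.100.20", "as_number": 64496, "as_name": "EXAMPLE-AS",
     "city": "Example City", "country": "US"},
    {"time": "2024-05-01T12:05:00Z", "action": "denied", "reason": "threat-list",
     "source": "192.0.2.10", "dns_server": "resolver-1", "direction": "outbound",
     "query_name": "blocked.example.org", "query_type": "A", "protocol": "UDP",
     "domain_rank": 0, "context": "threat-intel", "event": "new", "ttl": 0,
     "answer_name": "", "record_type": "", "response_data": "",
     "as_number": None, "as_name": "", "city": "", "country": ""},
    {"time": "2024-05-01T12:07:00Z", "action": "denied", "reason": "category-policy",
     "source": "192.0.2.11", "dns_server": "resolver-1", "direction": "outbound",
     "query_name": "ads.example.net", "query_type": "A", "protocol": "UDP",
     "domain_rank": 5000, "context": "category", "event": "new", "ttl": 0,
     "answer_name": "", "record_type": "", "response_data": "",
     "as_number": None, "as_name": "", "city": "", "country": ""},
    {"time": "2024-05-01T12:30:00Z", "action": "allowed", "reason": "default-policy",
     "source": "192.0.2.12", "dns_server": "resolver-1", "direction": "outbound",
     "query_name": "api.example.com", "query_type": "AAAA", "protocol": "DoT",
     "domain_rank": 120, "context": "policy", "event": "new", "ttl": 60,
     "answer_name": "api.example.com", "record_type": "AAAA",
     "response_data": "2001:db8::1", "as_number": 64496, "as_name": "EXAMPLE-AS",
     "city": "Example City", "country": "US"},
])


def load_export(text):
    """Parse an export. Accepts a JSON array or newline-delimited JSON objects."""
    text = text.strip()
    if text.startswith("["):
        return json.loads(text)
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def filter_logs(records, **conditions):
    """Equality filter on any field, the offline equivalent of stacking
    "New filter condition" items, e.g. filter_logs(recs, action="denied", event="new")."""
    return [r for r in records if all(r.get(k) == v for k, v in conditions.items())]


def _parse_time(value):
    # Export times are UTC; fromisoformat() on older Pythons rejects a trailing "Z".
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def in_window(records, start_iso, end_iso):
    """Records whose Time field falls within [start, end] (inclusive, UTC)."""
    start, end = _parse_time(start_iso), _parse_time(end_iso)
    return [r for r in records if start <= _parse_time(r["time"]) <= end]


def summarize(records, field):
    """Count records by one field, mirroring the summary charts above the log table."""
    return Counter(r.get(field) for r in records)


def denied_new_by_source(records):
    """Map each client to the first-seen query names that policy denied: a useful
    starting point when investigating an incident from an export."""
    grouped = {}
    for r in filter_logs(records, action="denied", event="new"):
        grouped.setdefault(r["source"], []).append(r["query_name"])
    return grouped


def possibly_truncated(records, cap=EXPORT_CAP):
    """True if the export is at the size cap and may be missing records."""
    return len(records) >= cap - 1


if __name__ == "__main__":
    recs = load_export(SAMPLE_EXPORT)
    print("by reason:", dict(summarize(recs, "reason")))
    print("denied new queries by source:", denied_new_by_source(recs))
    print("12:00-12:10 window:", len(in_window(recs, "2024-05-01T12:00:00Z", "2024-05-01T12:10:00Z")))
    print("possibly truncated:", possibly_truncated(recs))
```

If an export comes back at the cap, narrow the time window or add filter conditions in the UI and export again; for complete coverage, rely on log forwarding as the article recommends.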