Search and Filter DigitalStakeout PDNS Logs
Each DigitalStakeout PDNS company has a private log data store where detailed DNS and web activity logs are recorded in real-time. Users can search and analyze logs to investigate incidents and to hunt threats.
Search and Filter DNS Logs
Under the "Traffic Logs" section, you can create complex filters to isolate logs. Your log query is summarized in charts, and the detailed log records appear below the summary charts. Click "New filter condition" to expand your filter. Click the "x" on a filter item to remove that filter condition. Press "Submit" to run the query and update your results.
Log entries are in the following format:
Time: UTC time of request.
Action: Label if request allowed or denied.
Reason: Policy component that allowed or denied the request.
Source: The client IP address of the request.
DNS Server: The target DNS server processing the request.
Direction: The direction of the request.
Query Name: The host name being queried.
Query Type: The type of DNS record query.
Protocol: The DNS protocol being used in the query.
Domain Rank: The DigitalStakeout Securd domain rank of the query.
Context: The context of what Securd process blocked or allowed the query.
Event: Whether the asset query is a new or a repeat query.
TTL: Time to live of the response of the query.
Answer Name: The answer name of the query.
Record Type: The type of record returned in the query.
Response Data: The response data that returned with the query.
AS Number: The target AS Number of the resolved IP of the response.
AS Name: The target AS Name of the resolved IP of the response.
City: The city of the resolved IP of the response.
Country: The country of the resolved IP of the response.
Exporting DNS Logs
To export the logs from your query, click the export button on the right-hand side of the traffic log table. Your logs will be exported into a JSON file in DigitalStakeout PDNS log format.
Note: You can export fewer than 10,000 log entries at a time.
If you require access to all your logs, you can perform this action with the real-time log forwarding feature.
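The following is an added example, not DigitalStakeout code: a short offline triage over an exported JSON file that counts denied requests per source and lists first-seen ("new") names that were allowed. The JSON key names, the "allowed"/"denied" and "new"/"repeat" values, and the top-level array layout are assumptions based on the field labels above; adjust them to match a real export.

```python
import json
from collections import Counter, defaultdict

# Constructed sample export. Keys and values are assumptions modelled on the
# field labels listed above, not a documented schema.
SAMPLE_EXPORT = json.dumps([
    {"Action": "allowed", "Source": "10.0.0.5", "Query Name": "intranet.example.com", "Event": "repeat"},
    {"Action": "denied", "Source": "10.0.0.5", "Query Name": "bad.example.net", "Event": "new"},
    {"Action": "denied", "Source": "10.0.0.5", "Query Name": "bad.example.net", "Event": "repeat"},
    {"Action": "allowed", "Source": "10.0.0.7", "Query Name": "New-Host.example.org.", "Event": "new"},
    {"Action": "denied", "Source": "10.0.0.7", "Query Name": "tracker.example.net", "Event": "new"},
])

EXPORT_CAP = 10_000  # the page states fewer than 10,000 entries per export


def load_export(text):
    """Parse an export; assumes the file is a JSON array of record objects."""
    records = json.loads(text)
    if not isinstance(records, list):
        raise ValueError("expected a JSON array of log records")
    return [r for r in records if isinstance(r, dict)]


def triage(records):
    """Summarize denied requests and first-seen allowed names per source."""
    denied = Counter()
    new_allowed = defaultdict(set)
    for r in records:
        action = str(r.get("Action", "")).lower()
        event = str(r.get("Event", "")).lower()
        source = r.get("Source", "unknown")
        # DNS names are case-insensitive; drop the trailing root dot as well.
        name = str(r.get("Query Name", "")).lower().rstrip(".")
        if action == "denied":
            denied[source] += 1
        elif action == "allowed" and event == "new" and name:
            new_allowed[source].add(name)
    return {
        "denied_by_source": dict(denied),
        "new_allowed_by_source": {s: sorted(n) for s, n in new_allowed.items()},
        # Assumption: a file sitting at the export limit was probably cut off,
        # so the query window should be narrowed and the export repeated.
        "possibly_truncated": len(records) >= EXPORT_CAP - 1,
    }


if __name__ == "__main__":
    print(json.dumps(triage(load_export(SAMPLE_EXPORT)), indent=2))
```

If "possibly_truncated" is true, narrow the time range or filter and export again, or use log forwarding for the full data set.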