Visualizing DNS analytics data in the dashboard
You can view DNS analytical statistics in the QRadar® DNS Analyzer app dashboard or view the dynamic charts that present the analytics data on the QRadar console.
Procedure
- After you install the QRadar DNS Analyzer app, click the DNS Analyzer tab.
- Click Dashboard to view DNS analytical statistics and DNS traffic charts.
- In the upper section of the Dashboard tab, you can view DNS analytical statistics.

  | Option | Description |
  | --- | --- |
  | Domains Observed (Last Day) | The total number of the domains that are observed until the end of last operation day. |
  | Domains Processed (Last Day) | The total number of the domains that are processed until the end of last operation day. |
  | Events (Last Hour) | The total number of the events that are created until the end of last operation hour. |
  | Events (Last Day) | The total number of the events that are created until the end of last operation day. |
  | Domain Detection | DGA, Squatting, Tunneling, and Deny list. |

- In the lower section of the Dashboard tab, you can view DNS Traffic Charts. Click the Day and Week button to specify the time frame.

  Note: "UNKNOWN" will be displayed when a request type is not available in an event ingested from QRadar. This can occur when the log source type is not a DNS server.
- Click the Main Menu on the QRadar Console, and then select DNS Analyzer as a favorite to make it visible in QRadar.

  Note: The Dashboard is automatically refreshed every minute and shows you the following domain data.
- Optional: For optimal presentation of the DNS analytics data, configure your QRadar dashboard items with the following chart types.

  Table 1. Optimal dashboard item settings

  | Dashboard items | Chart type |
  | --- | --- |
  | Malicious Domain Requests by Source IP | Table |
  | Malicious Domain Requests by Source IP | Bar |
  | Malicious Domain Requests by Source IP | Time Series |
  | Malicious Domain Requests by Domain | Time Series |
  | Malicious Domain Requests by Domain | Table |
  | Malicious Domain Requests by Domain | Pie |

  Table 2. Dashboard item descriptions

  | Dashboard items | Descriptions |
  | --- | --- |
  | Malicious Domain Requests by Source IP | Statistics of the requests that are made by the malicious Domain Name Services (DNS) server IP address. |
  | Malicious Domain Requests by Domain | Statistics of the requests that are made by the malicious domain name. |
  | Malicious Domain Requests by Type | Statistics of the requests that are made by the malicious domain type. |