Filtering DNS Traffic

Introduction

This article will cover how DNS traffic can be filtered and analyzed.

 

Filtering DNS Traffic

When incoming data is parsed into columns, the result contains both the fields taken from the raw data and the columns that Logsign creates to enrich it, which are not present in the incoming raw data. In the screenshot below, the event type has been determined as DNS based on this enriched data, and a simple filter on it isolates the DNS traffic from all the other data.

1.png

 

The screenshot below shows which sources the incoming DNS data came from.

2.png

 

In the screenshot below, the DNS data has been narrowed down to the entries related to Google, and intelligent filtering shows the hosts with which that traffic was generated.

3.png
