This topic describes the Suspicious DNS Activity report. The following figure shows the Suspicious DNS Activity report listing all the suspicious domains and the risk score for each.
The following figure shows the different panels in this view.
The Suspicious DNS Activity report has the following panels:
- Domain Heading
- Domain Fields
- Domain Histograms
Domain Heading Panel
The Domain Heading panel shows the risk score, the domain name (for example, bitminter.com), the time the report is generated, and the start and end date when the report is executed.
Domain Fields Panel
The Domain Fields panel displays the following fields from the MongoDB database.
Domain Histograms Panel
The Domain Histograms panel displays a vertical histogram in which the suspicious ASNs or countries are shown in dark blue.
View a Suspicious DNS Activity Report
To view a Suspicious DNS Activity report:
In the Security Analytics menu, click Reports.
The Manage tab is displayed.
Click Warehouse Analytics.
The Warehouse Analytics view is displayed.
In the Warehouse Analytics toolbar, click View All Jobs.
A list of jobs along with their schedule name and time is displayed on the View tab.
Double-click an execution based on the Suspicious DNS Activity.
The Suspicious DNS Activity report for the domain is displayed.
Perform the following task: Click the Investigate button to review the Suspicious DNS Activity.