Monitor DNS Security

Table of Contents

Bypass DNS Security Subscriptions Services

Monitor DNS Security Subscription Services

Where Can I Use This?	What Do I Need?
Prisma Access (Managed by Strata Cloud Manager) Prisma Access (Managed by Panorama) NGFW (Managed by Strata Cloud Manager) NGFW (Managed by PAN-OS or Panorama) VM-Series CN-Series	Advanced DNS Security License (for enhanced feature support) or DNS Security License Advanced Threat Prevention or Threat Prevention License

Palo Alto Networks provides several options to monitor DNS Security and Advanced DNS Security activity to accommodate intelligence retrieval for a range of products that rely on DNS Security subscription services and the associated traffic data. Depending on the product platform, you can access high-level dashboards that provide DNS request statistics and usage trends, including context into network activity, to specific DNS request details from specific users in the form of logging data.

You can also view how the DNS Security subscription services integrate with other Palo Alto Networks applications and security services to protect your organization from threats, as well as get a high-level view of the overall operational health of your deployment, through the Strata Cloud Manager Command Center. The command center functions as your NetSec homepage and provides a comprehensive summary of the health, security, and efficiency of your network, in an interactive visual dashboard with multiple data facets for easy, at-a-glace assessment.

For more specific details about DNS Security subscription service operations, the dashboard provides a view into your networks DNS query data as well as the ability to drill down into various DNS trends. Each dashboard card provides a unique view into how DNS requests and responses are processed and categorized in a graphical report format. This allows you to see, at a glance, a high-level view of your organization’s DNS usage statistics. It also provides a list of misconfigured domains and hijacked domains detected by the Advanced DNS Security service, enabling you to correct and rectify any DNS configuration errors. The misconfigured domains are based on the public-facing parent domain entries added to

DNS Zone Misconfigurations

list.

You can also view the logs that are automatically generated when DNS requests are processed. These event files are time-stamped and provide an audit trail when configured to do, based on the DNS category log configuration. DNS log entries can contain various details about the DNS request, including the nature of the DNS threat posed by the associated domain, as well as action taken when the threat was detected.

Palo Alto Networks provides several methods to monitor the DNS Security activity based on your platform.

The Strata Cloud Manager Command Center

View DNS Security Dashboard

View DNS Security logs for the DNS queries that passed through my network