DNS Security now supports a new log type specifically tailored for DNS Security
events. It enhances visibility and reporting for both benign and malicious DNS
traffic and provides comprehensive DNS transaction details, including query and
response information. Previously, DNS Security logs were generated for DNS traffic
defined as belonging to a DNS threat category and were filed under the Threat log
type. With the new DNS Security log type, you can also configure the firewall to
generate logs for benign DNS queries. The logs can be forwarded to external logging
systems, including Palo Alto Networks Strata Logging Service, and are accessible
through the log viewer and dashboard.
The updated DNS Security logs also provide comprehensive DNS transaction details.
These include essential fields such as session ID, receive time, source and
destination information, DNS category, threat name, severity, and action taken, as
well as detailed DNS response data, including flags, query name, record type,
resolved IP addresses, and TTL values. This comprehensive logging enables you to
identify compromised endpoints, assess potential risks to other clients, and perform
retrospective analysis of DNS activity during security incidents. When this logging
is enabled, you can capture all DNS traffic logs, which allows more accurate
analysis, improves your ability to detect, investigate, and respond to DNS-based
threats, and strengthens incident response.
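
The retrospective analysis described above, as an added example that is not part of the original page or any Palo Alto Networks code: starting from transactions logged with a threat category, it collects their resolved IP addresses and then finds other clients whose benign-logged queries returned the same addresses. The record layout and field names are hypothetical stand-ins for the fields listed above, not the firewall's export schema, and the sample records are constructed.

```python
from collections import defaultdict

BENIGN = "benign"  # assumed label for the DNS category of non-threat queries

# Constructed sample records; field names are hypothetical, not the product's schema.
SAMPLE_LOGS = [
    {"session_id": 88, "receive_time": "2024-05-01T09:12:40Z", "src": "10.0.0.35",
     "query_name": "cdn.other-example.test", "record_type": "A",
     "category": BENIGN, "action": "allow", "resolved": ["203.0.113.7"], "ttl": 300},
    {"session_id": 97, "receive_time": "2024-05-01T09:40:02Z", "src": "10.0.0.40",
     "query_name": "intranet.example.test", "record_type": "A",
     "category": BENIGN, "action": "allow", "resolved": ["198.51.100.9"], "ttl": 3600},
    {"session_id": 101, "receive_time": "2024-05-01T10:00:05Z", "src": "10.0.0.21",
     "query_name": "update.bad-example.test", "record_type": "A",
     "category": "malware", "action": "alert", "resolved": ["203.0.113.7"], "ttl": 60},
]

def retrospective_pivot(records):
    """Return (flagged clients, suspect IPs, other clients exposed to those IPs)."""
    flagged_clients = set()
    suspect_ips = {}  # resolved IP -> query name of the flagged transaction
    # Pass 1: every transaction with a threat category marks its client and answers.
    for r in records:
        if r["category"] != BENIGN:
            flagged_clients.add(r["src"])
            for ip in r.get("resolved", []):
                suspect_ips.setdefault(ip, r["query_name"])
    # Pass 2: benign-logged transactions, including ones received before the
    # detection, whose answers overlap with the suspect IPs.
    exposed = defaultdict(list)
    for r in records:
        if r["category"] != BENIGN or r["src"] in flagged_clients:
            continue
        hits = [ip for ip in r.get("resolved", []) if ip in suspect_ips]
        if hits:
            exposed[r["src"]].append((r["receive_time"], r["query_name"], hits))
    return flagged_clients, suspect_ips, dict(exposed)

if __name__ == "__main__":
    flagged, ips, exposed = retrospective_pivot(SAMPLE_LOGS)
    print("clients with threat-category queries:", sorted(flagged))
    print("resolved IPs to review:", ips)
    for client, events in exposed.items():
        print("also resolved to a suspect IP:", client, events)
```

The second pass only finds the earlier query from 10.0.0.35 because benign queries were logged; with threat-only logging that transaction would not be in the data set.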