Strata Cloud Manager
Dashboard: DNS Security
Table of Contents
Dashboard: DNS Security
Use the DNS Security dashboard to understand DNS activity
in your network.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
Each of these licenses include access to Strata Cloud Manager:
The other licenses and prerequisites needed for visibility
are:
→ The features and capabilities available to you in Strata Cloud Manager depend on which license(s) you are
using.
|
- Click to get started.
What does this dashboard show you?
The dashboard shows aggregated data per tenant service group (TSG). The
dashboard shows data across Prisma Access, Palo Alto Networks firewalls, and
Panorama appliances associated with your tenant.
The new DNS Security dashboard shows
you how your DNS Security subscription is protecting you from advanced threats
and malware that use DNS. You can also filter the information displayed on the
dashboard by time range, action taken, domain, resolver IP, and DNS category.
The source and tenant name for which the data is displayed on the dashboard are
shown in the Tenant Name and Source filters. You can view:DNS request statistics
and trends
- Total DNS Requests - Displays the total number of DNS requests that are processed by DNS Security. The line chart diagrams the number of DNS requests based on the user-defined time range. Specifying a custom time range updates the line chart accordingly.
- Malicious DNS Requests - Displays a stacked bar graph showing DNS requests that are categorized as malicious. Click the number link to view the details of the DNS requests.
- Subscription - Displays the number of devices in your network
with an active DNS Security subscription. A percentage of devices that
are not equipped with DNS Security or with an expired subscription is
also shown with a link to a complete list.
- High-Risk DNS Category Trends - Examine the trend of high-risk
DNS requests according to DNS category or according to the action taken
against them. Hover over a specific flow to open a popup to show the
number of requests or type of action enforced.
- High-Risk DNS Category Distribution Across Actions- Examine the actions the firewall is taking against particular high-risk DNS categories.
- Most Accessed Domains - Provides a list of the top 10 most commonly requested domains from your network along with the DNS category and the action taken. You can view more details and the relevant logs for a domain. Select View All DNS Requests for a complete list of domains that have been accessed.
- DNS Resolvers - Monitor malicious and suspicious DNS resolution activity in your network. View the top DNS resolvers that resolve to malicious domains and the resolvers that are resolving a suspiciously low number of DNS requests. Click the search icon to view more details on the artifact (IP address). You can view the history of the artifact in your network and the global analysis findings.
- Users Visiting Malicious Domains- Examine the hosts on your network who are attempting to resolve the hostname or domain of a malicious URL.
- Requires Advanced DNS Security license Hijacked
Domains- Provides a list of hijacked domains as determined
by Advanced DNS Security. For each entry, there is a categorization
reason and a traffic hit count based on the source IP.
- Requires Advanced DNS Security license Misconfigured
Domains- Provides a list of non-resolvable domains
associated with the user specified public-facing parent domain(s). For
each entry, there is a misconfiguration reason and a traffic hit count
based on the source IP.
This dashboard supports reports. These icons,
in the top right of a dashboard indicate that
reports are supported for this dashboard. You can share, download, and schedule
reports that cover the data this dashboard displays.
How can you use the data from dashboard?
This dashboard helps you to:
- examine how DNS requests are processed and categorized
- get insight into the DNS based threats
- detect DNS requests from hijacked and misconfigured domains with Advanced DNS Security