View DNS Security Logs

Where Can I Use This?
  • Prisma Access
  • NGFW
  • AIOps
  • Cortex Data Lake
What Do I Need?
  • DNS Security License
  • Advanced Threat Prevention or Threat Prevention License
You can browse, search, and view DNS Security logs that are automatically generated when DNS Security encounters a qualifying event. Typically, this includes any domain category that DNS Security analyzes unless it is specifically configured with a log severity level of none. Log entries provide numerous details about the event, including the threat level and, if applicable, the nature of the threat.
DNS Security logs are accessible directly on the firewall or through Cortex Data Lake (CDL)-based log viewers (AIOps, Prisma Access, CDL, etc.). The firewall lets you access the threat log entries that are generated when users make malicious DNS queries, but benign DNS requests are not recorded. DNS Security data is also forwarded to Cortex Data Lake in two ways: through log forwarding (as threat logs) and through DNS Security telemetry (as DNS Security logs). Both are then referenced by various Activity log viewer applications. DNS Security telemetry operates with minimal overhead, which limits the amount of data sent to CDL; as a result, only a subset of DNS queries are forwarded to CDL as DNS Security log entries, regardless of the severity level, threat type, or category. By contrast, the threat logs for malicious DNS requests that are forwarded to CDL using log forwarding are available in their entirety. For this reason, Palo Alto Networks recommends viewing logs for malicious DNS requests as threat logs instead of DNS Security logs.
