DNS Security supports a log type specifically tailored for DNS Security events to
provide visibility and reporting for both benign and malicious DNS traffic.
| Where Can I Use This? | What Do I Need? |
|---|---|
| | Advanced DNS Security License (for enhanced feature support), DNS Security License, or Advanced DNS Resolver License; Advanced Threat Prevention or Threat Prevention License (not required for Advanced DNS Resolver) |
For PAN-OS 12.1 releases and later, DNS Security supports a log type specifically for
DNS Security events, enhancing visibility and reporting for both benign and
malicious DNS traffic, while also providing comprehensive DNS transaction details,
including query and response information. This log type must be specifically enabled by the
user, because the logs previously generated for DNS traffic were defined as a DNS threat
category and were subsequently filed under the Threat log type. With the updated
DNS Security log type, you can configure the firewall to generate logs for benign
DNS queries. Additionally, the logs can be forwarded to external logging systems,
including Palo Alto Networks Strata Logging Service, and are accessible through the
log viewer and dashboard.
The updated DNS Security logs also provide comprehensive DNS transaction details.
These include essential fields such as session ID, receive time, source and
destination information, DNS category, threat name, severity, and action taken. They
also provide detailed DNS response data, including flags, query name, record type,
resolved IP addresses, and TTL values. This comprehensive logging enables you to
identify compromised endpoints, assess potential risks to other clients, and perform
retrospective analysis of DNS activity during security incidents. When the log type is
enabled, you can capture logs for all DNS traffic, which allows for more accurate
analysis, improves your ability to detect, investigate, and respond to DNS-based
threats, and strengthens incident response capabilities.
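The retrospective analysis described above can be sketched over exported records. This is an added example, not Palo Alto Networks code: the JSON-lines layout, the key names (`receive_time`, `src`, `category`, `action`, `query_name`, `resolved_ips`) and all values are constructed assumptions modelled on the fields listed on this page, not the PAN-OS log format.

```python
import json
from collections import defaultdict

# Constructed sample records (JSON lines). Key names and values are hypothetical,
# modelled on the fields this page lists; they are not PAN-OS field names.
SAMPLE_LOG = """
{"receive_time": "2025-01-10T09:00:01Z", "src": "10.0.0.5", "category": "benign", "action": "allow", "query_name": "updates.example.test", "resolved_ips": ["203.0.113.10"]}
{"receive_time": "2025-01-10T09:05:12Z", "src": "10.0.0.7", "category": "benign", "action": "allow", "query_name": "static.example.test", "resolved_ips": ["203.0.113.10"]}
{"receive_time": "2025-01-10T09:07:40Z", "src": "10.0.0.9", "category": "benign", "action": "allow", "query_name": "www.example.org", "resolved_ips": ["198.51.100.20"]}
{"receive_time": "2025-01-11T14:30:00Z", "src": "10.0.0.8", "category": "malicious", "action": "block", "query_name": "updates.example.test", "resolved_ips": []}
"""

def parse(text):
    """Parse JSON-lines log text into a list of dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def retrospective(records):
    """Pivot from names later flagged malicious back through earlier benign logs."""
    flagged = {r["query_name"].lower() for r in records if r["category"] != "benign"}
    first_seen = {}              # client -> earliest query time for a flagged name
    pivot_ips = set()            # IPs a flagged name resolved to at any time
    for r in records:
        if r["query_name"].lower() in flagged:
            seen = first_seen.get(r["src"])
            # Same-format UTC ISO 8601 strings compare correctly as text.
            if seen is None or r["receive_time"] < seen:
                first_seen[r["src"]] = r["receive_time"]
            pivot_ips.update(r["resolved_ips"])
    related = defaultdict(set)   # other name sharing a pivot IP -> clients that queried it
    for r in records:
        name = r["query_name"].lower()
        if name not in flagged and pivot_ips & set(r["resolved_ips"]):
            related[name].add(r["src"])
    return {"flagged": flagged, "first_seen": first_seen, "pivot_ips": pivot_ips,
            "related": {n: sorted(c) for n, c in related.items()}}

if __name__ == "__main__":
    result = retrospective(parse(SAMPLE_LOG))
    for client, when in sorted(result["first_seen"].items()):
        print(f"{client} first queried a flagged name at {when}")
    for name, clients in result["related"].items():
        print(f"{name} shares an IP with a flagged name; queried by {clients}")
```

In the sample, client 10.0.0.5 is identified only because its query was logged while the name was still categorized as benign, and 10.0.0.7 surfaces through the shared resolved IP address.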