This app visualizes DNS traffic and helps pinpoint errors and anomalies (such as DNS tunneling).
DNS Insight takes the text output of tcpdump as input, parses it, and displays the results in the following charts and tables:
Overview
-Total Events
-Parsing Errors
-Query Type Distribution
-Return Code Distribution
-Protocol (UDP/TCP) Distribution
Top Queries
-Top Queries
-Top Level Domains
-Top Domains
-Top Reverse Resolution Entries (PTR) IPv4
-Top Reverse Resolution Entries (PTR) IPv6
-Top Destinations
-Top Sources
Anomalies
-Top DNS Errors
-DNS Packet Length
-Number of Labels in the query
Performance
-Slowest Transactions
-Duration
DNS Tunneling
-Possible DNS Tunneling
Search
Help
DNS traffic can be collected simultaneously from many different sources:
-Windows (using TA-tshark or by capturing with dumpcap/tshark/Wireshark)
-Linux (tcpdump script or using TA-tcpdump)
-switch mirror port (SPAN)
-TAP device
-manual import from a saved network dump (pcap file)
-Splunk Stream (https://splunkbase.splunk.com/app/1809/)
-Technology Add-On for Unbound DNS (https://splunkbase.splunk.com/app/4888/)
-Splunk Add-on for ISC BIND (https://splunkbase.splunk.com/app/2876/) - query log only