DNS
DNS logs provide more information about web traffic than firewall logs. DNS also provides greater visibility into destination URLs, which can be flagged in Account Visited Suspicious Link incidents.
Connecting DNS as an event source allows InsightIDR to track services, incidents, and threats found on your network. The DNS server logs are a vital event source to connect.
InsightIDR monitors the following fields:
- Timestamp
- Asset
- User
- Source Address
- Query
- Public Suffix
- Top Private Domain
Rapid7 can integrate with the following DNS tools to generate alerts in InsightIDR and the Insight Platform:
- Cisco Umbrella
- Dnsmasq DNS
- Infoblox Trinzic
- ISC Bind9
- Microsoft DNS
- PowerDNS
InsightIDR also supports:
- Bluecat
- MikroTik