You can configure the following DNS appliances with InsightIDR:

DNS logs provide more information about web traffic than firewall logs. DNS also provides greater visibility into destination URLs, which can be flagged in Account Visited Suspicious Link incidents.

Connecting DNS as an event source allows InsightIDR to track services, incidents, and threats found on your network. The DNS server logs are a vital event source to connect.

InsightIDR monitors the following fields:

  • Timestamp
  • Asset
  • User
  • Source Address
  • Query
  • Public Suffix
  • Top Private Domain