Search and Filter Securd Logs
Each Securd "company" has a private log data store where detailed DNS and web activity logs are recorded in real-time. Users can search and analyze logs to investigate incidents and to hunt threats.
Search and Filter DNS Logs
Under the "Traffic Logs" section, you can create complex filters to isolate logs. Your query results are summarized in charts, with the detailed log records listed below them. Click "New filter condition" to add a condition to your filter, and click the "x" on a filter item to remove that condition. Press "Submit" to run the query and update your results.
Log entries are in the following format:
Time: UTC time of request.
Action: Label indicating whether the request was allowed or denied.
Reason: Policy component that allowed or denied the request.
Source: The client IP address of the request.
DNS Server: The target DNS server processing the request.
Direction: The direction of the request.
Query Name: The host name being queried.
Query Type: The type of DNS record query.
Protocol: The DNS protocol being used in the query.
Domain Rank: The DigitalStakeout domain rank of the query.
Context: The context of what Securd process blocked or allowed the query.
Event: Whether the asset query is a new or a repeat query.
TTL: Time to live of the response of the query.
Answer Name: The answer name of the query.
Record Type: The type of record returned in the query.
Response Data: The response data that returned with the query.
AS Number: The target AS Number of the resolved IP of the response.
AS Name: The target AS Name of the resolved IP of the response.
City: The city of the resolved IP of the response.
Country: The country of the resolved IP of the response.
Exporting DNS Logs
To export the logs from your query, simply click on the export button on the right hand side of the traffic log table. Your logs will be exported into a JSON file in Securd log format.
Note: You can export fewer than 10,000 log entries at a time.
If you require access to all of your logs, use the real-time log forwarding feature instead.
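As an added example (not Securd's own tooling), the following Python script loads an exported JSON file and reproduces the stacked filter conditions of the Traffic Logs view offline, then summarizes denied requests by source and queried host and lists first-seen denied queries. The JSON key names are assumed to mirror the field labels above, since the exact export schema is not shown here, and the sample records are constructed.

```python
import json
from collections import Counter

# Constructed sample in the shape of a Securd JSON export. The keys are assumed
# to mirror the Traffic Logs field labels; the real export schema is not shown
# on this page, so adjust them to match your own export file.
SAMPLE_EXPORT = json.dumps([
    {"Time": "2024-01-09T10:01:02Z", "Action": "denied", "Reason": "Threat Feed",
     "Source": "10.0.0.12", "Query Name": "bad.example", "Query Type": "A",
     "Event": "new", "Response Data": "", "AS Number": ""},
    {"Time": "2024-01-09T10:01:05Z", "Action": "allowed", "Reason": "Default Allow",
     "Source": "10.0.0.12", "Query Name": "www.example.com", "Query Type": "A",
     "Event": "repeat", "Response Data": "93.184.216.34", "AS Number": "15133"},
    {"Time": "2024-01-09T10:02:00Z", "Action": "denied", "Reason": "Threat Feed",
     "Source": "10.0.0.12", "Query Name": "bad.example", "Query Type": "A",
     "Event": "repeat", "Response Data": "", "AS Number": ""},
    {"Time": "2024-01-09T10:03:10Z", "Action": "denied", "Reason": "Category Block",
     "Source": "10.0.0.45", "Query Name": "c2.example.net", "Query Type": "TXT",
     "Event": "new", "Response Data": "", "AS Number": ""},
])


def load_export(text):
    """Parse the JSON export; entries are a list of flat field->value records."""
    return json.loads(text)

def filter_logs(entries, **conditions):
    """Keep entries matching every condition, like stacked 'New filter condition'
    rows in the Traffic Logs view. Field names with spaces are passed with
    underscores (Query_Name) and values are compared case-insensitively."""
    wanted = {k.replace("_", " "): str(v).lower() for k, v in conditions.items()}
    return [e for e in entries
            if all(str(e.get(f, "")).lower() == v for f, v in wanted.items())]

def denied_by_source_and_name(entries):
    """Count denied requests per (Source, Query Name) to surface repeated blocks
    from one client, which hint at persistent malware or a misconfiguration."""
    return Counter((e["Source"], e["Query Name"])
                   for e in filter_logs(entries, Action="denied"))

def first_seen_denied(entries):
    """Denied queries flagged as new events: a client's first contact with a
    blocked host, usually the most urgent records to triage."""
    return sorted(e["Query Name"] for e in filter_logs(entries, Action="denied", Event="new"))

if __name__ == "__main__":
    logs = load_export(SAMPLE_EXPORT)
    for (src, name), n in denied_by_source_and_name(logs).most_common():
        print(f"{src} -> {name}: {n} denied")
    print("first-seen denied:", first_seen_denied(logs))
```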