Welcome to the new Splunkbase! To return to the old Splunkbase, .
Collections
Apps
Submit an app
DNS Insight app icon

DNS Insight

This App visualizes DNS traffic and helps to pinpoint errors and anomalies (like DNS-Tunneling).

Built by
splunk product badge
screenshot
screenshot
screenshot
Latest Version 0.0.10
March 14, 2024
Compatibility
Not Available
Platform Version: 9.4, 9.3, 9.2, 9.1, 9.0, 8.2, 8.1, 8.0, 7.3
CIM Version: 5.x, 4.x
Rating

0

(0)

Log in to rate this app
Support
DNS Insight support icon
Developer Supported app
This App visualizes DNS traffic and helps to pinpoint errors and anomalies (like DNS-Tunneling). DNS Insight takes an output of tcpdump as input, parses it and displays results as following charts and tables: Overview -Total Events -Parsing Errors -Query Type Distribution -Return Code Distribution -Protocol (UDP/TCP) Distribution Top Queries -Top Queries -Top Level Domains -Top Domains -Top Reverse Resolution Entries (PTR) IPv4 -Top Reverse Resolution Entries (PTR) IPv6 -Top Destinations -Top Sources Anomalies -Top DNS Errors -DNS Packet Length -Number of Labels in the query Performance -Slowest Transactions -Duration DNS Tunneling -Possible DNS Tunnelling Search Help The DNS Traffic can be collected simultaneously from many different sources: -windows (using TA-tshark or by capturing with dumpcap/tshark/Wireshark) -linux (tcpdump script or using TA-tcpdump) -switch mirror port (SPAN) -TAP device -manual import from a saved network dump (pcap file) -Splunk Stream (https://splunkbase.splunk.com/app/1809/) -Technology Add-On for Unbound DNS (https://splunkbase.splunk.com/app/4888/) -Splunk Add-on for ISC BIND (https://splunkbase.splunk.com/app/2876/) - query log only

Categories

Created By

Pavel Prostin

Type

app

Downloads

3,545

Licensing

Splunk Answers

Resources

Log in to report this app listing