Welcome to the new Splunkbase! To return to the old Splunkbase, click here.
DNS Insight app icon

DNS Insight

This App visualizes DNS traffic and helps to pinpoint errors and anomalies (like DNS-Tunneling).

Built by
splunk product badge
screenshot
screenshot
screenshot
Latest Version 0.0.10
March 14, 2024
Compatibility
Splunk Enterprise, Splunk Cloud
Platform Version: 9.4, 9.3, 9.2, 9.1, 9.0, 8.2, 8.1, 8.0, 7.3
CIM Version: 5.x, 4.x
Rating

0

(0)

Log in to rate this app
Support
DNS Insight support icon
Developer Supported app
This App visualizes DNS traffic and helps to pinpoint errors and anomalies (like DNS-Tunneling). DNS Insight takes an output of tcpdump as input, parses it and displays results as following charts and tables: Overview -Total Events -Parsing Errors -Query Type Distribution -Return Code Distribution -Protocol (UDP/TCP) Distribution Top Queries -Top Queries -Top Level Domains -Top Domains -Top Reverse Resolution Entries (PTR) IPv4 -Top Reverse Resolution Entries (PTR) IPv6 -Top Destinations -Top Sources Anomalies -Top DNS Errors -DNS Packet Length -Number of Labels in the query Performance -Slowest Transactions -Duration DNS Tunneling -Possible DNS Tunnelling Search Help The DNS Traffic can be collected simultaneously from many different sources: -windows (using TA-tshark or by capturing with dumpcap/tshark/Wireshark) -linux (tcpdump script or using TA-tcpdump) -switch mirror port (SPAN) -TAP device -manual import from a saved network dump (pcap file) -Splunk Stream (https://splunkbase.splunk.com/app/1809/) -Technology Add-On for Unbound DNS (https://splunkbase.splunk.com/app/4888/) -Splunk Add-on for ISC BIND (https://splunkbase.splunk.com/app/2876/) - query log only

Categories

IT Operations, Security, Fraud & Compliance

Created By

Pavel Prostin

Type

app

Downloads

3,596

Licensing

Creative Commons BY-ND 3.0(Opens new window)

Splunk Answers

Ask a question about this app listing(Opens new window)

Resources

Log in to report this app listing