Logging

Search and Filter DNS Logs

Each Securd tenant has a private log data store where detailed DNS and web activity logs are recorded in real-time. The real-time logging feature of Securd allows administrators to monitor all DNS requests, providing them with detailed information about the source and destination of each request. This information can then be used to identify and block malicious traffic, such as phishing attempts and malware infections.

Log entries are in the following format:

• Time: UTC time of request.

• Action: Label if request allowed or denied.

• Reason: Policy component that allowed or denied the request.

• Source: The client IP address of the request.

• DNS Server: The target DNS server processing the request.

• Direction: The direction of the request.

• Query Name: The host name being queried.

• Query Type: The type of DNS record query.

• Protocol: The DNS protocol being used in the query.

• Domain Rank: The DigitalStakeout Domain Rank of the query.

• Context: The context of what Securd process blocked or allowed the query.

• Event: Whether the asset query is a new or a repeat query.

• TTL: Time to live of the response of the query.

• Answer Name: The answer name of the query.

• Record Type: The type of record returned in the query.

• Response Data: The response data that returned with the query.

• AS Number: The target AS Number of the resolved IP of the response.

• AS Name: The target AS Name of the resolved IP of the response.

• City: The city of the resolved IP of the response.

• Country: The country of the resolved IP of the response.

Securd also includes the ability to export logs, which allows users to share their data with other security tools and systems. This can help organizations integrate Securd with their existing security infrastructure and gain a more complete picture of the activity on their networks. For customers that require an integrated approach to logging, Securd supports real-time log forwarding.