Running a detailed report for monitored or blocked domains

Overview

The domain detailed report is a feature of Cyber Shield Domain Filtering. The report provides information about any monitored and blocked domains for the previous five-day period. Generated reports are in CSV format and emailed to the signed-in administrator.

The Top 10 Dashboard provides a link you can use to email a report of all the domains in the past five days for the counts displayed at the current level of drill-down. For instance, at the top level of the Top 10 Dashboard, the CSV file contains data for all categories, users, and devices for the last five days. If you drill down to a specific category, the report contains domains only from that category for all users and devices. At the user level, the report contains domains only for that user, across all of that user's devices, for that specific domain category. You can also drill down to the device level.

Steps

  1. From the Shield page, access the Top 10 Dashboard.
  2. Choose either Observed Domains by Category or Blocked Domains by Category and then select the time period from the values at the top right.
  3. To choose a specific category, user, or device, enable Investigate Mode at the bottom right and then drill down.
  4. To generate the report, click the Export observed/blocked domains for the last 5 days link at the bottom left.
    You are emailed a link to the CSV report.
  5. Check the content of the CSV file with a text editor. The file contains the following information:
    • Day - The date of the event.
    • First resolve time - The time when the domain name was first queried during the day of the event.
    • Last resolve time - The time when the domain name was last queried during the day of the event.
    • Hit count - The number of domain name resolutions during the above time interval.
    • Domain - The domain name that was queried.
    • Category - The classification category for that domain name.
    • User - The username that initiated the domain name lookup query. This field is blank if the DNS request came from a Host or Network.
    • Device - The device from which the domain name lookup query was initiated. This field is blank if the DNS request came from a Host or Network.
    • Host - The name of the host that initiated the domain name lookup query. This field is blank if the DNS request came from a user’s device.
    • Network - The name of the network that initiated the domain name lookup query. This field is blank if the DNS request came from a user’s device.
    • Connector - The name of the connector from which the domain name lookup query was initiated. This field is blank if the DNS request came from a user’s device.
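
For reports too large to review in a text editor, the fields above can be aggregated with a short script. The following is an added example, not part of the product or its documentation: it totals hit counts per domain across the five days and lists the distinct sources, using the blank-field rule described above to tell user devices from hosts and networks. The header names are assumed to match the field labels exactly, and the sample rows, date formats, and names are constructed.

```python
import csv
import io
from collections import defaultdict

# Constructed sample; header names are assumed to match the field labels above.
SAMPLE_CSV = """Day,First resolve time,Last resolve time,Hit count,Domain,Category,User,Device,Host,Network,Connector
2024-05-01,08:02:11,17:45:09,42,bad.example,Malware,alice,alice-laptop,,,
2024-05-02,09:10:00,09:12:30,3,bad.example,Malware,,,build-01,lab-net,conn-a
2024-05-02,10:00:00,10:00:00,1,ads.example,Advertising,bob,bob-phone,,,
2024-05-03,07:30:00,23:59:01,120,bad.example,Malware,alice,alice-laptop,,,
"""


def source_of(row):
    """Return (kind, identifier) for the origin of a lookup.

    User/Device are blank when the request came from a Host or Network,
    and Host/Network/Connector are blank when it came from a user's device.
    """
    user, device = row["User"].strip(), row["Device"].strip()
    if user or device:
        return ("user-device", f"{user}/{device}")
    return ("host-network", f"{row['Host'].strip()}/{row['Network'].strip()}")


def summarize(csv_text):
    """Aggregate hit counts and distinct sources per (domain, category)."""
    totals = defaultdict(lambda: {"hits": 0, "days": set(), "sources": set()})
    for row in csv.DictReader(io.StringIO(csv_text)):
        entry = totals[(row["Domain"].strip().lower(), row["Category"].strip())]
        entry["hits"] += int(row["Hit count"])
        entry["days"].add(row["Day"])
        entry["sources"].add(source_of(row))
    # Highest total hit count first.
    return sorted(totals.items(), key=lambda kv: kv[1]["hits"], reverse=True)


if __name__ == "__main__":
    for (domain, category), e in summarize(SAMPLE_CSV):
        print(f"{domain:15} {category:12} hits={e['hits']:<5} "
              f"days={len(e['days'])} sources={sorted(e['sources'])}")
```

A domain that appears on several days or from several distinct sources is usually the first one worth investigating in the dashboard.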