DigitalStakeoutAbout Us
Guides
Start typing to search…

Search, Filter, and Export Securd DNS Logs

Use the Traffic Logs interface in Securd to search, filter, analyze, and export DNS activity logs for incident response and threat hunting.

Search, Filter, and Export Securd DNS Logs

Each Securd Company has its own private DNS log data store where real-time records of DNS and web activity are securely stored. Users can search, analyze, and export these logs to support incident investigations, threat hunting, and policy auditing.

🔍 Search and Filter DNS Logs

Within the Traffic Logs section of the Securd console, users can apply filters to isolate DNS activity based on specific criteria. This helps surface meaningful patterns and investigate security-related events.

How to Search and Filter:

  1. Navigate to Traffic Logs.
  2. Click New Filter Condition to define your query.
  3. Add multiple filters as needed to narrow the result set.
  4. Remove filters by clicking the X next to each condition.
  5. Click Submit to run your query and update the log results.

A summary of your query results will be displayed above the detailed log table for quick analysis.

📄 Log Entry Format

Each DNS log record includes detailed metadata to support contextual analysis. Fields are structured as follows:

  • Time: UTC timestamp of the request
  • Action: Whether the request was allowed or denied
  • Reason: Policy component responsible for the action
  • Source: Client IP address making the request
  • DNS Server: Target DNS resolver
  • Direction: Direction of the DNS request
  • Query Name: The domain or hostname queried
  • Query Type: Type of DNS record (e.g., A, AAAA, CNAME)
  • Protocol: DNS protocol used (UDP, TCP, DoH, DoT)
  • Domain Rank: DigitalStakeout’s risk score or reputation rank
  • Context: Process or trigger responsible for action
  • Event: Whether the query is new or repeated
  • TTL: Time to live for the DNS response
  • Answer Name: Returned domain name in the response
  • Record Type: Type of record returned (e.g., A, TXT)
  • Response Data: IP or data returned in the DNS response
  • AS Number: Autonomous System Number of the response IP
  • AS Name: Name of the network owner of the response IP
  • City: City location of the response IP
  • Country: Country location of the response IP

These fields offer full visibility into DNS query behavior for any asset or user across your network.

📤 Exporting DNS Logs

You can export filtered DNS logs directly from the Traffic Log interface:

  • Click the Export button on the right-hand side of the log table.
  • The logs will be downloaded in JSON format, structured in the Securd log schema.
⚠️

Note: You can export up to 10,000 log entries at a time per query.

🔁 Real-Time Log Forwarding (For Full Access)

For access to all DNS logs without size limits, use real-time log forwarding. This allows logs to be streamed continuously to your preferred log storage or SIEM platform via:

By using the log search and export capabilities in Securd, you gain full visibility into DNS traffic for enhanced security monitoring, compliance reporting, and forensic analysis.

Updated 22 days ago

What’s Next

Learn how to forward logs in real time for long-term retention and integration.