Search, Filter, and Export Securd DNS Logs
Use the Traffic Logs interface in Securd to search, filter, analyze, and export DNS activity logs for incident response and threat hunting.
Each Securd Company has its own private DNS log data store where real-time records of DNS and web activity are securely stored. Users can search, analyze, and export these logs to support incident investigations, threat hunting, and policy auditing.
🔍 Search and Filter DNS Logs
Within the Traffic Logs section of the Securd console, users can apply filters to isolate DNS activity based on specific criteria. This helps surface meaningful patterns and investigate security-related events.
How to Search and Filter:
- Navigate to Traffic Logs.
- Click New Filter Condition to define your query.
- Add multiple filters as needed to narrow the result set.
- Remove filters by clicking the X next to each condition.
- Click Submit to run your query and update the log results.
A summary of your query results will be displayed above the detailed log table for quick analysis.
📄 Log Entry Format
Each DNS log record includes detailed metadata to support contextual analysis. Fields are structured as follows:
- Time: UTC timestamp of the request
- Action: Whether the request was allowed or denied
- Reason: Policy component responsible for the action
- Source: Client IP address making the request
- DNS Server: Target DNS resolver
- Direction: Direction of the DNS request
- Query Name: The domain or hostname queried
- Query Type: Type of DNS record (e.g., A, AAAA, CNAME)
- Protocol: DNS protocol used (UDP, TCP, DoH, DoT)
- Domain Rank: DigitalStakeout’s risk score or reputation rank
- Context: Process or trigger responsible for action
- Event: Whether the query is new or repeated
- TTL: Time to live for the DNS response
- Answer Name: Returned domain name in the response
- Record Type: Type of record returned (e.g., A, TXT)
- Response Data: IP or data returned in the DNS response
- AS Number: Autonomous System Number of the response IP
- AS Name: Name of the network owner of the response IP
- City: City location of the response IP
- Country: Country location of the response IP
These fields offer full visibility into DNS query behavior for any asset or user across your network.
📤 Exporting DNS Logs
You can export filtered DNS logs directly from the Traffic Log interface:
- Click the Export button on the right-hand side of the log table.
- The logs will be downloaded in JSON format, structured in the Securd log schema.
Note: You can export up to 10,000 log entries at a time per query.
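A triage pass over an exported file, as an added example (not Securd's own code): it flags a result set that reached the 10,000-entry cap and may be incomplete, ranks sources by denied queries, and lists denied names seen for the first time. The JSON key names and the `denied`/`new` value spellings are assumptions, since this page lists the fields by display name only; map them to the keys in your actual export.

```python
import json
from collections import Counter, defaultdict

EXPORT_CAP = 10_000  # per-query export limit stated on this page

# ASSUMPTION: these key names and the "denied"/"new" values are hypothetical;
# adjust them to match the keys used in the real Securd log schema.
K_TIME, K_ACTION, K_SOURCE, K_QNAME, K_EVENT = (
    "time", "action", "source", "query_name", "event")

def triage_export(records, cap=EXPORT_CAP):
    """Summarize one exported result set for an investigation."""
    denied_by_source = Counter()
    new_denied = defaultdict(set)  # source -> first-seen denied names
    times = []
    for r in records:
        if r.get(K_TIME):
            times.append(r[K_TIME])
        if str(r.get(K_ACTION, "")).lower() != "denied":
            continue
        src = r.get(K_SOURCE, "unknown")
        denied_by_source[src] += 1
        if str(r.get(K_EVENT, "")).lower() == "new":
            new_denied[src].add(str(r.get(K_QNAME, "")).rstrip(".").lower())
    return {
        "count": len(records),
        # Reaching the cap means more matching entries may exist: narrow the
        # time filter and export again before drawing conclusions.
        "possibly_truncated": len(records) >= cap,
        "window": (min(times), max(times)) if times else None,
        "top_denied_sources": denied_by_source.most_common(5),
        "new_denied_names": {s: sorted(n) for s, n in new_denied.items()},
    }

# Constructed sample records (not real Securd output).
SAMPLE = json.loads("""[
 {"time": "2024-05-01T10:00:00Z", "action": "allowed", "source": "10.0.0.5", "query_name": "example.com", "event": "repeated"},
 {"time": "2024-05-01T10:00:05Z", "action": "denied", "source": "10.0.0.7", "query_name": "Bad.Example.", "event": "new"},
 {"time": "2024-05-01T10:00:09Z", "action": "denied", "source": "10.0.0.7", "query_name": "bad.example", "event": "repeated"},
 {"time": "2024-05-01T10:01:00Z", "action": "denied", "source": "10.0.0.9", "query_name": "other.example", "event": "new"}
]""")

if __name__ == "__main__":
    print(json.dumps(triage_export(SAMPLE), indent=2))
```

The `window` value relies on the timestamps being UTC strings in one consistent ISO 8601 format, which sort correctly as text.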
🔁 Real-Time Log Forwarding (For Full Access)
For access to all DNS logs without size limits, use real-time log forwarding. This allows logs to be streamed continuously to your preferred log storage or SIEM platform via:
By using the log search and export capabilities in Securd, you gain full visibility into DNS traffic for enhanced security monitoring, compliance reporting, and forensic analysis.