EnforceDNS Alerts


Overview

EnforceDNS aggregates all Watch Engine, Highly Suspicious, and Blocked DNS traffic on the EnforceDNS Alerts page, where users can easily filter and sort alerts.

Alert View

  • When you open the Alerts page, the most recent 50 alerts are listed in chronological order. Use the drop-down menu at the bottom of the page to change the number of items listed per page.

Deleting Alerts

  • If you wish to delete an alert, you may do so by checking the box next to the alert and then clicking the trash can icon near the top left.

Acknowledging Alerts

  • In some cases, it may be useful to acknowledge an alert rather than delete it. In this scenario, the alert remains in the UI with a green check mark next to it. There are two ways to acknowledge an alert:

    • Click on the empty space in between the check box and the timestamp, and a green check mark will appear.

    • Select the check box for the alert(s) you wish to acknowledge and then click the check mark symbol in the upper left corner of the page (next to the trash can icon).

Refreshing Alerts

  • The Alerts page doesn't update automatically. Click the refresh button (next to the check mark symbol) to pull in any new alerts.

Downloading Alerts

  • Select the alert(s) you wish to download, then click the download icon to download the alerts in either CSV or JSON format.

Filtering Alerts

  • The built-in filters make it simple to analyze alerts on the Alerts page. You can filter by Acknowledged Status (New/Acknowledged), Time Stamp, First Seen, Last Seen, Status, FQDN, and Domain Age. As you filter the data, you can refine your results by adding more filters.

Searching Alerts

  • You can search alerts by using the search box at the top right of the Alerts page.