Filter explanation
- Purpose
  - Allows filtering the table below for requests, responses, hosts, etc. of interest. The default values depend on the source chart.
- Host
  - The host name
- Process
  - The process name
- DNS request
  - The DNS request
- Min. request length
  - The DNS request's minimum size in bytes
- Max. request length
  - The DNS request's maximum size in bytes
- Response
  - The DNS response or responses
- Response type
  - The DNS response type or types. Use the percent (%) symbol as a wildcard for matching multiple characters. Use the underscore (_) character as a wildcard to match a single character.
- Risky requests only
  - Risky requests are requests where one of the tests (> 52 chars, High entropy, etc.) found something. The corresponding fields are highlighted in red in the table below.
  - Is checked if the source chart is DNS risk over time.
  - Is not checked if the source chart is DNS packet size distribution.
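
The two tests named under "Risky requests only", sketched as an added example (not the product's own code) and applied to a few constructed rows. The 52-character limit comes from the text above; the entropy threshold of 4.0 bits per character, scoring only the longest label, and all function names and sample rows are assumptions made for illustration.

```python
import math
from collections import Counter

MAX_REQUEST_CHARS = 52   # from the page: the "> 52 chars" test
ENTROPY_THRESHOLD = 4.0  # assumption: the page names a "High entropy" test but no threshold


def shannon_entropy(text):
    """Shannon entropy of the character distribution, in bits per character."""
    if not text:
        return 0.0
    total = len(text)
    return -sum(n / total * math.log2(n / total) for n in Counter(text).values())


def risk_flags(request):
    """Return the names of the tests that fire for one DNS request name."""
    name = request.rstrip(".").lower()
    flags = []
    if len(name) > MAX_REQUEST_CHARS:
        flags.append("length")
    # Assumption: score the longest label, so a common suffix such as
    # "example.com" does not dilute an encoded-looking subdomain.
    longest_label = max(name.split("."), key=len)
    if shannon_entropy(longest_label) >= ENTROPY_THRESHOLD:
        flags.append("entropy")
    return flags


def risky_only(rows):
    """Mimic the checkbox: keep rows where at least one test found something."""
    return [(row, risk_flags(row[2])) for row in rows if risk_flags(row[2])]


# Constructed sample rows: (host, process, DNS request).
ENCODED = "k7q2m9x4zp1w8v3b6n5c0ydahjsfgtre"  # 32 distinct characters, 5.0 bits/char
SAMPLE_ROWS = [
    ("ws-01", "browser.exe", "www.example.com"),
    ("ws-01", "updater.exe", "a" * 60 + ".example.com"),
    ("ws-02", "unknown.exe", ENCODED + ".example.net"),
    ("ws-02", "unknown.exe", ENCODED + "." + ENCODED + ".example.net"),
]

if __name__ == "__main__":
    for (host, process, request), flags in risky_only(SAMPLE_ROWS):
        print(host, process, request, flags)
```

A long but repetitive name trips only the length test, while a short name with an encoded-looking label trips only the entropy test, which is why the filter treats a hit on any single test as risky.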