DNSEye can collect logs from many different brands and models of DNS servers without the need for making any change in your network structure. It can collect Microsoft, Infoblox, BIND, BlueCat,EfficientIP, F5, and Citrix DNS server logs with high performance.

Before selecting data for review by SOC teams, the domains must first be classified. With DNSSense’s AI-powered Cyber X-Ray infrastructure, they are divided into 72 different categories in 4 main groups.

DNS logs only include the source IP address. Since IP addresses vary, this should be enriched with information on the permanent machine and user behind the DNS query in question. DNSEye’s “Host Discovery”, “User Identification” and “Report” features uncover the real machine that makes the DNS query and the users logged into this machine.

DNSEye’s advanced reporting interface gives you easy access to classified and meaningful reports on the previous year’s DNS traffic. In addition, it transmits data needed by SOC teams for analysis to the SIEM product. It provides users with a very flexible interface for selecting logs to be transmitted. Apart from sending the entire log according to the user's preference, DNSEye can save up to 1000 times the amount of logs with the ability to apply different DNS query filters to better define traffic information.

Courtesy of its Security Gap feature, DNSSense reports the existing malicious activities that have managed to pass through each current security asset (UTM Firewall, Proxy, DNS Firewall, etc.) in your network without detection.

The APIs of EDR systems are used to gather information about the application that makes the malicious DNS query in order to understand whether the devices are infected or not.

In corporate networks, the amount of DNS traffic, visited categories and even the visited domains come in certain patterns. DNSEye learns the DNS traffic of the institution in question and reports anomalies.