DNSFilter

DNSFilter is a cloud-based DNS security and content filtering solution that protects against malware, phishing, and other web threats. DNSFilter logs provide information on DNS queries, including domain requests, categorization (e.g., malicious, safe, or blocked), and response actions. These logs help with monitoring web traffic, enforcing content filtering policies, and identifying potential security threats such as malicious domains or phishing attempts.

Ingest Methods

Set up ingestion of this source using one of the following guides.

If using an AWS S3 bucket, use the following SNS topic ARN to send your bucket notifications.

arn:aws:sns:<REGION>:253602268883:runreveal_dnsfilter
⚠️ SNS topic & Custom SQS. Use the ARN above in the event notification tied to your S3 bucket. The topic name must match (runreveal_…; hyphens in the source id become underscores). For Custom SQS, set the queue URL and region in RunReveal; see AWS S3 Bucket with Custom SQS.

Note: BYOC, On-Prem, and BYODB customers must use their AWS account ID in the ARN instead of 253602268883.
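The ARN rules above, as an added shell example (not RunReveal's own tooling): it builds the topic ARN, including the account-ID override for BYOC, On-Prem, and BYODB, and produces the S3 notification document for the AWS CLI. The function names, the `s3:ObjectCreated:*` event type, and the `runreveal-dnsfilter` notification Id are assumptions.

```shell
#!/bin/sh
# Added example: build the SNS topic ARN described above and the matching
# S3 event-notification document. Function names are hypothetical.
RUNREVEAL_ACCOUNT_ID=253602268883   # from the page; BYOC/On-Prem/BYODB pass their own

# topic_arn REGION SOURCE_ID [ACCOUNT_ID]
# S3 requires the SNS topic to be in the bucket's region, so REGION is the bucket's region.
topic_arn() {
    region=$1; source_id=$2; account=${3:-$RUNREVEAL_ACCOUNT_ID}
    case $region in ''|*[!a-z0-9-]*) echo "bad region: $region" >&2; return 1 ;; esac
    case $source_id in ''|*[!a-z0-9_-]*) echo "bad source id: $source_id" >&2; return 1 ;; esac
    case $account in *[!0-9]*) echo "bad account id: $account" >&2; return 1 ;; esac
    [ "${#account}" -eq 12 ] || { echo "account id must be 12 digits" >&2; return 1; }
    # Topic name rule from the page: runreveal_ prefix, hyphens become underscores.
    topic="runreveal_$(printf '%s' "$source_id" | sed 's/-/_/g')"
    printf 'arn:aws:sns:%s:%s:%s\n' "$region" "$account" "$topic"
}

# notification_config TOPIC_ARN -> JSON for put-bucket-notification-configuration.
# Assumption: object-created events are what should be published to the topic.
notification_config() {
    printf '{"TopicConfigurations":[{"Id":"runreveal-dnsfilter","TopicArn":"%s","Events":["s3:ObjectCreated:*"]}]}\n' "$1"
}

# apply_notification BUCKET REGION [ACCOUNT_ID]
# Note: this call REPLACES the bucket's entire notification configuration.
# Merge with the output of get-bucket-notification-configuration first if the
# bucket already has other notifications.
apply_notification() {
    arn=$(topic_arn "$2" dnsfilter "$3") || return 1
    aws s3api put-bucket-notification-configuration \
        --bucket "$1" \
        --notification-configuration "$(notification_config "$arn")"
}
```

Source the file and run `apply_notification <bucket> <region>`, adding your own account ID as a third argument for BYOC, On-Prem, or BYODB deployments.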

Setup

To ingest your DNSFilter logs, you will need to export them to an AWS S3 bucket. You can reference the DNSFilter guides on how to do this.

https://help.dnsfilter.com/hc/en-us/articles/6266552356499-Data-Export-configuration#h_01HA5DMGQ67M86AV56MWPJXZR3

Schema

The following columns are exposed for this source. RunReveal applies schema normalization across all sources, ensuring uniform field names and data types for cross-source queries and reusable detection logic.

Table: runreveal_logs (22 columns)

| Column | Type |
| --- | --- |
| id | String |
| receivedAt | DateTime |
| workspaceID | String |
| sourceType | String |
| sourceID | String |
| eventID | String |
| eventName | String |
| eventTime | DateTime |
| readOnly | Bool |
| srcIP | String |
| resources | Array(String) |
| serviceName | String |
| srcASOrganization | Nullable(String) |
| srcASNumber | Nullable(UInt32) |
| srcASCountryCode | Nullable(String) |
| dstIP | String |
| dstASOrganization | Nullable(String) |
| dstASNumber | Nullable(UInt32) |
| dstASCountryCode | Nullable(String) |
| actor | Map(String, String) |
| tags | Map(String, String) |
| rawLog | String |