Granular reporting at the network level without the need of installing a client | Voters

Granular reporting at the network level without the need of installing a client

Jonathan Hozeska

The quality of granular reporting is very limited when a client isn't installed.  
I find this is a significant issue when questionable DNS requests are being made from mobile devices, off-domain computers, or even visitor traffic on guest networks.  
Our responsibility has always been to report a source, destination, time, and reason for blocking for audit purposes.  Since switching from Cisco Umbrella, we no longer have this ability.
At the network level, it would be better to have the DNS queries supplemented with local AD information to collect more information about the source of the DNS queries.
For example, Microsoft DNS already has the ability to export DNS traffic to logs for this purpose. It would be a matter of referencing the output of that feature to extract the source IP (and then look up its local host name).  
And additional benefit would be improved DNS reporting for servers that should not have the agent installed and all of the IoT devices that do not support agents at all.
Cisco Umbrella already does this.

June 27, 2023

Ryan Poppa

Merged in a post:

Track usernames to IPs using relay

Chris Stock

Should use a local ad server to track user to IP info. Other products do this so you can see who when my where without the agent

November 1, 2024

Nick Saunders

Merged in a post:

Relay filter by Users/Collection

Dexter

Looking for the ability to filter by users connected to the Relay. More specifically from Collections in the same manner as the Roaming Client.

November 20, 2023

Giuseppe

Hello,

we really need this

Steven

Yes - we need this.

George

That would be nice