Ingesting DNS Logs to Fusion

See DNS in Fusion for more information about how to use DNS resolver logs in Fusion.

If you are setting up AWS or GCP for the first time, the Quick Start Guides for AWS and GCP have end-to-end steps for configuring DNS resolver logs, along with flow logs and context enrichment.

DNS Resolver Log Sources

AWS Route 53

AWS Route 53 DNS Logs via S3 Setup (Console)

GCP Cloud DNS

GCP Cloud DNS Logs via Pub/Sub Setup

Configure internal domains in Traffic Classification

Once you have configured a traffic source for DNS in Fusion, you should also set the Internal Domains for your organization. Fusion then marks DNS queries to those domains as internal.

In the Fusion Portal, go to Settings > Traffic Classification, and then select the DNS tab.

Add your internal domains to this page's Internal Domains section.