Granular reporting at the network level without the need of installing a client
Jonathan Hozeska
The quality of granular reporting is very limited when a client isn't installed.
I find this is a significant issue when questionable DNS requests are being made from mobile devices, off-domain computers, or even visitor traffic on guest networks.
Our responsibility has always been to report a source, destination, time, and reason for blocking for audit purposes. Since switching from Cisco Umbrella, we no longer have this ability.
At the network level, it would be better to have the DNS queries supplemented with local AD information to collect more information about the source of the DNS queries.
For example, Microsoft DNS already has the ability to export DNS traffic to logs for this purpose. It would be a matter of referencing the output of that feature to extract the source IP (and then look up its local host name).
And additional benefit would be improved DNS reporting for servers that should not have the agent installed and all of the IoT devices that do not support agents at all.
Cisco Umbrella already does this.
R
Ryan Poppa
Merged in a post:
Track usernames to IPs using relay
Chris Stock
Should use a local ad server to track user to IP info. Other products do this so you can see who when my where without the agent
Nick Saunders
Merged in a post:
Relay filter by Users/Collection
Dexter
Looking for the ability to filter by users connected to the Relay. More specifically from Collections in the same manner as the Roaming Client.
Giuseppe
Hello,
we really need this
Steven
Yes - we need this.
George
That would be nice