


Passive DNS data provides information for IT security teams, research teams and brand protection specialists. Research analysts gain insight into how a particular domain name changes over time and how it is related to other domains and/or IP addresses. This data makes it possible to build a picture of potential threats across global networks that cannot be obtained by monitoring your own network alone.

Product Details

Product Type: DNS

Product Tier: Tier I

Integration Method: Syslog

Parser Details

Log Format: Syslog / JSON

Expected Normalization Rate: near 100%


UDM Fields (list of all UDM fields leveraged in the Parser):

Log File Field    UDM Field
hostname          intermediary.hostname
Passive DNS       metadata.product_name
NETWORK_DNS       metadata.event_type
DNS               network.application_protocol
type              network.dns.questions.type
qclass            network.dns.questions.class
ttl               network.dns.answers.ttl
client            principal.ip
server            target.ip

Product Event Types

Event             UDM Event Classification
all event types   NETWORK_DNS

Log Sample

Mar  6 18:30:30 servername pdns_alert 1646609430.251672||||||IN||||A||||20||1|smb_time=1646610306987|smb_uid=/ari8QV8Rredactedandrandom164661030698738687

Sample Parsing

metadata.event_type: NETWORK_DNS
metadata.product_name: "Passive DNS"
principal.ip: ""
target.ip: ""
intermediary.hostname: "servername"
network.application_protocol: DNS
network.dns.questions.type: 1
network.dns.questions.class: 1
network.dns.answers.ttl: 20
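To show how the field mapping above is applied to the sample line, here is an added Python example (not the vendor's parser). The pipe positions for the timestamp, query class, record type and TTL are inferred from the single sample line on this page and are an assumption; the page does not say which columns carry the client and server addresses, so principal.ip and target.ip are left empty exactly as in the sample parsing.

```python
import re

# Column positions inferred from the one sample line on this page (assumption):
# the message after "pdns_alert" is pipe-delimited; index 0 is the epoch
# timestamp, index 6 the query class ("IN"), index 10 the record type ("A"),
# index 14 the TTL. Trailing key=value pairs (smb_time, smb_uid) follow.
IDX_TIMESTAMP, IDX_QCLASS, IDX_QTYPE, IDX_TTL = 0, 6, 10, 14

# DNS class/type mnemonics to the numeric codes the UDM sample parsing shows.
DNS_CLASS = {"IN": 1, "CH": 3, "HS": 4}
DNS_TYPE = {"A": 1, "NS": 2, "CNAME": 5, "SOA": 6, "PTR": 12, "MX": 15,
            "TXT": 16, "AAAA": 28, "SRV": 33}

# BSD syslog header: "Mon dd HH:MM:SS hostname program message"
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<prog>\S+) (?P<msg>.*)$"
)


def parse_pdns_line(line: str) -> dict:
    """Map one pdns_alert syslog line onto the UDM fields from the table."""
    m = SYSLOG_RE.match(line.rstrip("\n"))
    if not m or m.group("prog") != "pdns_alert":
        raise ValueError("not a pdns_alert syslog line")
    fields = m.group("msg").split("|")
    # Trailing key=value pairs are kept aside, not treated as fixed columns.
    extras = dict(f.split("=", 1) for f in fields if "=" in f)
    col = lambda i: fields[i] if i < len(fields) else ""  # missing -> ""
    ttl = col(IDX_TTL)
    return {
        "metadata.event_type": "NETWORK_DNS",
        "metadata.product_name": "Passive DNS",
        "intermediary.hostname": m.group("host"),
        "network.application_protocol": "DNS",
        "network.dns.questions.type": DNS_TYPE.get(col(IDX_QTYPE)),
        "network.dns.questions.class": DNS_CLASS.get(col(IDX_QCLASS)),
        "network.dns.answers.ttl": int(ttl) if ttl.isdigit() else None,
        # Client/server column positions are not given on the page, so these
        # stay empty, matching the page's own sample parsing.
        "principal.ip": "",
        "target.ip": "",
        "additional": extras,
    }


# The page's own log sample, reproduced here as the test input.
SAMPLE = ("Mar  6 18:30:30 servername pdns_alert 1646609430.251672||||||IN||||A"
          "||||20||1|smb_time=1646610306987"
          "|smb_uid=/ari8QV8Rredactedandrandom164661030698738687")
```

Unknown class or type mnemonics yield None rather than a wrong numeric code, which is worth surfacing in normalization-rate monitoring.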

Parser Alerting

This product currently does not have any parser-based alerting.


Coming Soon