Forwarding Passive DNS Logs to Your SIEM

DigitalStakeout protective DNS logs provide visibility into an organization’s digital footprint, attack surface, and connectivity to malicious domains. Being able to search, analyze and visualize this data alongside your other data sources lets you make more informed decisions and mitigate cyber threats to your organization. Data from your Securd DNS queries and responses plays a central role in this effort.

One of our first add-ons out of the gate: SIEM log forwarding

When we were surveying the protective DNS market, we were shocked to see how little support there was for forwarding logs to a SIEM. Even worse, we were shocked by the lack of response to customers requesting this critical feature. With Securd, log forwarding was a priority launch feature. We wanted customers to have the option to immediately forward passive DNS logs to any SIEM or cloud-logging tool that supports ingest over HTTP. Log forwarding is now available as an add-on to all subscribers.

[Image: SIEM logging over HTTP]

Hunt down threats at your single pane of glass

Organizations need real-time visibility of their attack surface to limit cyber exposures, prevent attacks and detect emerging threats. Passive and real-time DNS intelligence is critical in detecting network intrusions and is instrumental in any forensic and incident response analysis. We believe it is best to forward and centralize your passive DNS data into tools like Elastic SIEM, Splunk, or Loggly. These are best-of-breed tools that will enable you to gain deeper insight into the threats that our solutions detect and mitigate. If you’re not ready to integrate, Securd offers a comprehensive query log tool to search, investigate and export logs on all plans.

[Image: Securd query log search]

How Securd log forwarding works

Securd log forwarding is a real-time fork of your DNS firewall log data to a target HTTP webhook. The detailed activity logs visible in the Securd Web Gateway portal are forwarded in the same format, as simple, friendly JSON. This lets you build charts, analyze data and set up alerting in your favorite SIEM with ease. Below is an example of a policy forwarding Securd Web Gateway logs to Loggly; in that case we had the integration done and data flowing in 5 minutes. If you use ELK, you can use the Logstash HTTP input plugin to achieve the same result.

[Image: Securd logging to Loggly]
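The receiving end of the webhook is where a practitioner should spend a few minutes before pointing a log fork at it: any endpoint that accepts unauthenticated POSTs will happily let a third party inject fabricated DNS events into your SIEM. The following is an added example of a minimal hardened receiver, not Securd's own code or documentation. It assumes the forwarder can be configured to send a static bearer token and that the body is either one JSON event object or an array of them; the field names in the constructed sample events (`timestamp`, `client_ip`, `query`, `qtype`, `action`, `category`) are hypothetical and should be mapped to whatever the real payload uses.

```python
"""Minimal hardened HTTP webhook receiver for forwarded DNS firewall logs.

Added example, not Securd code. Assumed contract: POST with
`Authorization: Bearer <token>` and a JSON body that is one event object or a
list of them. Event field names below are hypothetical.
"""
import hmac
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

# Shared secret the sender must present. In practice load it from a secrets
# store and terminate TLS in front of this process; never expose it on plain HTTP.
WEBHOOK_TOKEN = "replace-with-a-long-random-token"
MAX_BODY_BYTES = 1_000_000

# Hypothetical minimum schema for an event to be worth indexing.
REQUIRED_FIELDS = ("timestamp", "client_ip", "query", "action")


def authorized(headers):
    """Constant-time check of `Authorization: Bearer <token>`."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    return scheme == "Bearer" and hmac.compare_digest(token, WEBHOOK_TOKEN)


def parse_events(body):
    """Parse a single event or a list of events; reject anything malformed."""
    data = json.loads(body)
    events = data if isinstance(data, list) else [data]
    for ev in events:
        if not isinstance(ev, dict) or any(k not in ev for k in REQUIRED_FIELDS):
            raise ValueError("event missing required fields")
    return events


def handle_webhook(headers, body):
    """Return (http_status, accepted_events).

    Nothing is accepted unless the request authenticates and the body validates,
    so an attacker cannot plant fake "allow" or "block" records in the SIEM.
    """
    if not authorized(headers):
        return 401, []
    if len(body) > MAX_BODY_BYTES:
        return 413, []
    try:
        events = parse_events(body)
    except ValueError:  # json.JSONDecodeError is a subclass of ValueError
        return 400, []
    return 200, events


def blocked_queries(events):
    """The kind of rule a SIEM would run on ingested events: queries the DNS
    firewall blocked, which are the ones worth an analyst's attention."""
    return [e["query"] for e in events if e.get("action") == "block"]


# Constructed sample batch (not real Securd output) in the assumed schema.
SAMPLE_BATCH = json.dumps([
    {"timestamp": "2021-03-01T12:00:00Z", "client_ip": "10.1.2.3",
     "query": "example.com", "qtype": "A", "action": "allow", "category": "business"},
    {"timestamp": "2021-03-01T12:00:01Z", "client_ip": "10.1.2.3",
     "query": "malware.example", "qtype": "A", "action": "block", "category": "malware"},
]).encode()


class WebhookHandler(BaseHTTPRequestHandler):
    """Thin HTTP wrapper around handle_webhook()."""

    def do_POST(self):
        length = int(self.headers.get("Content-Length", "0"))
        body = self.rfile.read(min(length, MAX_BODY_BYTES + 1))
        status, events = handle_webhook(self.headers, body)
        for query in blocked_queries(events):
            print(f"blocked query from DNS firewall: {query}")  # forward to SIEM here
        self.send_response(status)
        self.end_headers()


if __name__ == "__main__":
    # Bind to loopback only; put a TLS-terminating proxy in front for real use.
    HTTPServer(("127.0.0.1", 8080), WebhookHandler).serve_forever()
```

Whatever you actually run (Loggly, Logstash's http input, a cloud function), the same three checks apply: authenticate the sender, cap the body size, and validate the schema before indexing, so that only the forwarder's own log fork ends up in your single pane of glass.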

Agentless DoH isn’t a blind spot anymore

Due to the pandemic, we’ve seen situations where organizations had to get laptops to remote employees quickly and unfortunately sacrificed security in the process. Before the need for working from home, the organization had visibility because devices were on-network. Suddenly, the new network was everyone off-network, accessing cloud applications from home. This was a complete security blind spot, increasing the risk of cyber threats and of having to recall laptops for re-imaging after malware infected the device. The problem we had to solve was to deliver agentless DNS security that would protect end users from malicious domains while working at home. We created virtual sites and recommended the customer use a strict Firefox DoH policy. This gave the customer an additional layer of malware defense and log visibility into browsers’ off-network activity.

[Image: Securd logging to Loggly with DoH]
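As an added illustration of the strict Firefox DoH policy mentioned above (this is not Securd's documentation and the provider URL is a placeholder to be replaced with the DoH endpoint issued for your virtual site): Firefox reads enterprise policies from a `distribution/policies.json` file in its installation directory (or from Group Policy/registry on Windows), and the `DNSOverHTTPS` policy is what makes the browser resolve through a protective resolver regardless of where the laptop is.

```json
{
  "policies": {
    "DNSOverHTTPS": {
      "Enabled": true,
      "ProviderURL": "https://doh.example.net/dns-query",
      "Locked": true,
      "ExcludedDomains": ["corp.example"]
    }
  }
}
```

`Enabled` alone is the weak form: the user can switch DoH off in the preferences UI, and the browser is back on whatever resolver the home router hands out. `Locked` is what makes the policy strict by greying out that control. `ExcludedDomains` keeps internal names resolving through the local resolver so split-horizon DNS still works. Note that enabling DoH by policy still lets Firefox fall back to the system resolver if the DoH endpoint is unreachable unless you also force TRR-only mode (`network.trr.mode` = 3), so test the failure case before you treat the logs as complete.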