Users with the Owner, Admin, or Super User role can use this article to set up data exports. Data Export is an account add-on that must be enabled to complete these steps.
The Data Export feature lets Organizations and MSPs export data at regularly timed intervals and configure exports to Amazon S3 or Splunk. Once configured, the data available in the CSV version of the Query Log will transmit in near real-time.
We created example Standard and Roaming Client exports and defined the data names to help navigate Data Export's capabilities.
This feature also helps users combine Query Log data with other data for monitoring, action, and alerting. The Data Export feature can integrate directly with most SIEMs, including:
- Microsoft Sentinel
- Datadog
- Humio
- LogRhythm
- QRadar
- Splunk
- Sumo Logic
Data Export can connect to S3 compatible services such as Wasabi and Backblaze.
Enable Data Export
MSP Data Exports
The Data Export feature cannot be turned on for a single Organization — Data Export is applied to all Sub-Organizations (e.g. all plan tiers). If Data Export is enabled for Enterprise plan levels, it is applied across all Organizations with a plan type of Enterprise.
If users see the Upgrade Your Plan screen on the Data Export page, Data Export still needs to be activated.
- From the DNSFilter dashboard, navigate to Organization (MSPs select MSP) and select Billing
- Select Activated to activate Data Export
- Select Save
Amazon S3 Data Export configuration
You will need the Data Export IP addresses to provide the End Point destination for this setup. This is an optional field for some 3rd party resellers.
- From the DNSFilter dashboard, navigate to Tools and select Data Export
- Select Configure Data Export
- Select the Amazon S3 service
- Select Continue
- Enter the Amazon S3 Bucket account name
✍️ The unique name for the organization's account that hosts information. Refer to Amazon's guide for more information on where to locate this.
- Input optional parameters if applicable
  - Key Prefix value: used to organize the data that is stored in Amazon S3 buckets
  - Endpoint fully qualified URL
- Enter the S3 Bucket Region (e.g. us-east-1)
- Enter the Access Key ID and Secret Access Key values: refer to the AWS security credentials page for more details on how to generate an Access Key
- Select Verify & Test Account to test the connection
- Select Finalize to complete the process
Data can now export to S3. If an error message appears during setup, see the troubleshooting guide for steps to resolve the issue.
Zadara Configuration
Admins can configure data exports with Zadara following similar setup steps to S3.
From Zadara Settings:
1. Enable Containers Virtual-Hosted Style Support
2. Navigate to User Information to collect Endpoint (Public API Endpoint), Access, and Secret Key information used to connect DNSFilter and Zadara
Navigate to DNSFilter's Data Export page to complete the process. Add https:// to the endpoint value to avoid connection errors.
Splunk Data Export configuration
The Splunk export uses Splunk's HTTP Event Collector (HEC) API, a well-recognized protocol for transferring data. It is scalable, secure, token-based for convenience, and easy to maintain.
The protocol is often implemented by SIEMs and data tools apart from Splunk, and may work out of the box with many preferred data tools.
For example, Humio implements a one-to-one HEC API which is already confirmed to work with this Data Export feature.
You will need the Data Export IP addresses to provide the End Point destination for this setup.
- From the DNSFilter dashboard, navigate to Tools and select Data Export
- Select Configure Data Export
- Select the splunk> service
- Select Continue
- If applicable, turn off Use compressed data (default is enabled)
- Enter the Splunk account HTTP Event Collector URL and Active Event Collector Token
✍️ Refer to Splunk's Getting Data In guide for information on how to generate an HTTP Event Collector URL and Token.
- Select Verify & Test Account to test the connection
- Select Finalize to complete the process
Data can now export to Splunk. If an error message appears during setup, see the troubleshooting guide for steps to resolve the issue.
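Before entering the HTTP Event Collector URL and token in the dashboard, it can help to check them independently. The following is an added example, not DNSFilter or Splunk code: it validates the two values and builds the HEC request (token in the Authorization header, events in the body). Assumptions: the token is a GUID as Splunk generates it, compressed data is sent as gzip with a Content-Encoding header, and the sample event and all function names are constructed for illustration.

```python
import gzip
import json
import re
import urllib.request
from urllib.parse import urlparse

# Assumption: Splunk-generated HEC tokens are GUIDs.
TOKEN_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")

# Constructed sample event; not a real Query Log record.
SAMPLE_EVENT = {"message": "HEC pre-flight test", "origin": "manual-check"}


def preflight(hec_url, token):
    """Return a list of problems found in the HEC URL and token."""
    problems = []
    parsed = urlparse(hec_url)
    if parsed.scheme != "https":
        problems.append("URL must use https so the token is not sent in clear text")
    if not parsed.hostname:
        problems.append("URL has no host")
    if not TOKEN_RE.match(token):
        problems.append("token is not in GUID format")
    return problems


def build_request(hec_url, token, events, compress=True):
    """Build the HEC POST: token in the Authorization header, events in the body."""
    # HEC accepts several event objects concatenated in one request body.
    body = "".join(json.dumps({"event": e}) for e in events).encode("utf-8")
    headers = {"Authorization": f"Splunk {token}", "Content-Type": "application/json"}
    if compress:
        # Assumption: compressed exports arrive as gzip with Content-Encoding set.
        body = gzip.compress(body)
        headers["Content-Encoding"] = "gzip"
    return urllib.request.Request(hec_url, data=body, headers=headers, method="POST")


def send_test_event(hec_url, token, timeout=10):
    """Refuse to send if pre-flight fails; otherwise POST one test event."""
    problems = preflight(hec_url, token)
    if problems:
        raise ValueError("; ".join(problems))
    request = build_request(hec_url, token, [SAMPLE_EVENT])
    with urllib.request.urlopen(request, timeout=timeout) as response:
        return json.load(response)  # Splunk replies with a JSON status object
```

Call send_test_event with your own collector URL and token; a token that fails here will also fail Verify & Test Account.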