This view allows you to get DNS-related statistics on any domain you input in the search field. The view is split into 3 subsections:
a. Global Threat Intelligence - displays a top 3 of most accessing processes, the TPE matches (the number of times, in the selected timeframe, the domain has been intercepted via TPE), the Global TPE matches (the number of times, in the selected timeframe, the domain has been intercepted by TPE in the Global Heimdal Security database), the domains/URLs related to the same IP Address, the TPE + TPN matches (the number of times, in the selected timeframe, the domain has been intercepted by TPE and TPN), the Global TPE + TPN matches (the number of times, in the selected timeframe, the domain has been intercepted by TPE and TPN in the Global Heimdal Security database);
b. Predictive DNS Score - displays a maliciousness score based on an Artificial Intelligence algorithm (ranging from 0 to 100) that is corroborated with the presence of the domain (in question) on the Threat Prevention Endpoint blocklist (blocklist match). The higher the score, the higher the probability that the domain in question is infected. The Predictive DNS Score will showcase a Risk Level (None, Low, Medium, High, Critical) based on the above-mentioned score;
c. DNS Statistics - displays a graphical representation of the daily number of hits for the chosen domain (the blue
the line shows that the queried domain was found clean at the time of the query, while the red line shows that the queried domain was found infected at the time of the query);
d. Requester distribution - displays a map and statistics of top public IP Addresses that called the domain in question (the origin of the DNS query to the domain in question).