Detect malicious traffic on your network and get detailed reports.
Download and install DNSeye VM appliance
Get In Touch
Protect all your users at DNS level from harmful contents of the internet with the help of AI.
14 days free trial
Start Your Free Trial
Most advanced dynamic cyber threat intelligence for deep dive domain analysis.
No registration required
Get Your First Analysis


Detect the attacks “that others miss”

DNSEye detects malicious traffic on your network, and reports whether this traffic can be blocked by your other security devices.

Why is it important to analyse DNS logs?

Monitor all your Traffic

DNS is used by all protocols like http, https, smtp, IoT. DNS traffic provides information about your entire network, regardless of its network protocol.

DNS Tunneling

With DNS Tunnelling, data exfiltration attacks cannot be detected by DLP products. It requires DNS log analysis for effective solution.

Invisible Malware Domains

80% of malware domains do not have an IP address at the moment, Malware requests that do not have an IP address can only be detected in the DNS log.

See beyond your logs with DNSEye

DNS servers generate a large number of difficult-to-understand logs. DNSEye provides the collection, enrichment, AI-based classification of the DNS logs.  

With its advanced SIEM integration, it saves time and EPS by transferring to SIEM only the data that SOC teams need to see.

Key benefits


DNS Log Collection

DNSEye can collect the logs of many different brands and models of DNS servers without the need for any change in your network structure. It can collect Microsoft DNS, Infoblox, BIND, Bluecat, EfficientIP, F5, Citrix DNS server logs with high performance.

Domain Categorisation

To select the data that SOC teams should review, the domains must first be classified. With Roksit Cyber X-Ray infrastructure, they are divided into 72 different categories in 4 main groups, based on AI.

Detection the Source of the Malicious Activity

DNS logs only include the source IP address. Since IP addresses vary, it should be enriched with permanent machine and user information. DNSEye has Host Discovery and User Identification features. The DNSEye Report, also features the real machine that makes the DNS query and the users logged into this machine.

SIEM Integration

DNSEye can report classified and meaningful DNS traffic one year back in the advanced reporting interface. In addition, it transmits the data that SOC teams need to analyse to the SIEM product. It provides a very flexible infrastructure to the user in selecting the logs to be transmitted. While it can send the entire log according to the user's preference, it can save up to 1000 times the amount of logs with the filters to be applied.

See Attacks that Others Miss

By courtesy of Security Gap Feature, Roksit reports the existing malicious activities which have managed to pass through each current security asset (UTM Firewall, Proxy, DNS Firewall, etc.) in your network without even being detected.

EDR Integration

The APIs of EDR systems are used to gather information about the application that makes the malicious DNS query, in order to understand whether the devices are infected or not.

DNS Traffic Learning and Anomaly Detection

In corporate networks, the amount of DNS traffic, visited categories and even the visited domains are in a certain pattern. DNSEye appliance learns the DNS traffic of the institution and reports anomalies.

Frequently asked questions

Which SIEM Products Do You Have Integration With?

Why is DNS visibility important?

Which DNS Products Do You Read With the “DNSEye” Product?

What Is The “Security Gap” Feature?

What Are the Advantages of Your Smart SIEM Integration?

Try DNSEye today for free

Ready to get started?

The best way to understand the power of DNSEye is to see it for yourself. Download and install DNSEye VM appliance today.
Get in touch