The timeline section displays DNS queries, domain events, and DNS changes. You can see a domain's evolution over time and view up to four years of DNS changes.
The timeline is at the top of the domain view. It contains the DNS query graph and event history sections.
In the DNS query graph part of the timeline, there are three icons used.
- Blue Line—The volume of DNS queries over the last 30 days.
- Diamond—Domain events. The icon is colored red for malware, command and control, and phishing. It is colored yellow for other security events.
- Pentagon—DNS changes, such as A record changes. We store DNS changes for up to four years.
The event history part of the timeline uses three lines, from top to bottom, to represent the following event types.
- DNS Changes—The top line uses dark grey to show DNS record events, such as A record changes.
- Security Categories—The middle line shows Umbrella security categorization events. Red represents malware, command and control, and phishing. Yellow represents other security events.
- Query History—The bottom line uses blue to show time periods with DNS query history available.
Click on the domain events or DNS changes icons to see details. A panel opens to show events, grouped by resource record type and date. If there is more than one event for the selected period, the icon will show the number of events it has.
In the event history part of the timeline, the following icons are used.
- Person—Domain registration date.
- Eye—Date that the domain was first seen by our resolvers.
- Clock—Domain registration expiration date.
To see information, mouse over the icon.
Updated about a year ago