Adding a DNS enrichment source
To add a DNS enrichment source, you need the following information:
- Method to authenticate connection with the DNS server (API key, cookie, or bearer).
- Bearer token - you can either enter the token or get it at runtime by connecting to the DNS server.
To add a DNS enrichment source
- Click Configurations > Enrichment Sources.
- Click Create.
- From the Type list, select DNS.
- Enter a name and description for the source.
These names appear in the enrichment policy while setting up DNS enrichment. Use a name that will help you to identify the source and the enrichment that you want to apply.
- To configure REST connection with the DNS server, in the Connection section, click Add Connection and perform the following steps:
- In the Connection Configuration window, select the REST method to connect to the server and enter the endpoint URL.
The endpoint URL format must include protocol (HTTP/HTTPS), path parameters, and query parameters. For example, https://www.example.com/<pathparameter1>/<pathparameter2>?<queryparameter1>=value1&<queryparameter2>=value2.
Enclose dynamic path parameters or query parameter values in curly brackets {}. Ensure that the endpoint URL contains only one dynamic variable. Use as the dynamic variable the value with which you want to query the source. For example, if you want to get information from the source based on an IP address that arrives in the logs, use the IP address as the dynamic variable in the URL. While creating an enrichment policy, you configure the field in the logs from which the value of the dynamic variable is taken and enrichment is provided. Examples of the endpoint URL:
Dynamic path variable: https://www.example.com/<pathparameter1>/{variable}?<queryparameter1>=value1&<queryparameter2>=value2
Dynamic query parameter value: https://www.example.com/<pathparameter1>/<pathparameter2>?<queryparameter1>={variable}&<queryparameter2>=value2
Use the following endpoint URL to test connection to a DNS source: https://get.geojs.io/v1/dns/ptr/{val}.json. Use the value of the dynamic variable {val} as 8.8.8.8 to test the connection.
- In the Authorization section, perform the steps to configure authentication:
Authentication type and description:
- Basic Authentication: Enter the user name and password to access the DNS server.
- API Key Authentication:
  - From the Add To list, select where you want to add the API key (header, query, or path).
  - In the API Key field, enter the API key.
  - In the Key Name field, enter the key name.
- Bearer Authentication:
  - In the Bearer Token field, enter the variable that contains the token. For example, $.token.
  - To get the bearer token (ensure that the output of the API to connect to the DNS server is in JSON format), enable Add Login to fetch Bearer token.
  - In the Login Action section, select the method to connect to the DNS server and enter the endpoint URL.
  - In the Header section, click Add Header and add headers in the form of key-value pairs.
  - Click the Request Body tab and enter the payload in the JSON format.
- In the Test Connection section, enter the dynamic path parameter value to test the connection to the endpoint URL and click Connect.
- If the test connection is successful, save the connection configuration.
In the Enrichment Fields > Select Enrichment Target Fields field, all the fields that the source can provide for enrichment are displayed.
- (Optional) From Select Enrichment Target Fields, remove a field.
- Enable and save the enrichment source.
On the Enrichment Sources page, a filter is added for each type of source.
You can edit, disable, and delete the source by using the Actions menu.
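The endpoint URL rules in the connection configuration step (protocol present, exactly one dynamic variable in curly brackets, value taken from a log field) can be checked before the URL is entered. The following is an added example, not code from the product; the function names, the variable-name pattern, and the assumption that the dynamic variable always carries an IP address are illustrative.

```python
import ipaddress
import re
from urllib.parse import quote, urlsplit

# A dynamic variable is a name in curly brackets, e.g. {val} (hypothetical regex).
VAR = re.compile(r"\{([A-Za-z_][A-Za-z0-9_]*)\}")


def check_template(template):
    """Validate an endpoint URL template; return (variable name, 'path' or 'query')."""
    parts = urlsplit(template)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError("URL must include the protocol (HTTP/HTTPS) and a host")
    if VAR.search(parts.netloc):
        raise ValueError("dynamic variable must be a path or query value, not the host")
    names = VAR.findall(template)
    if len(names) != 1:
        raise ValueError(f"expected exactly one dynamic variable, found {len(names)}")
    return names[0], "query" if VAR.search(parts.query) else "path"


def build_url(template, log_value):
    """Substitute a log-field value into the template as one encoded segment."""
    check_template(template)
    # Assumption: the variable carries an IP address; anything else is rejected,
    # so a crafted log value cannot add path segments or query parameters.
    ipaddress.ip_address(log_value)
    return VAR.sub(lambda m: quote(log_value, safe=""), template)


if __name__ == "__main__":
    test_url = "https://get.geojs.io/v1/dns/ptr/{val}.json"  # test endpoint from this page
    print(check_template(test_url))
    print(build_url(test_url, "8.8.8.8"))
    # Constructed hostile log value: rejected before any request is built.
    try:
        build_url(test_url, "8.8.8.8/../admin?x=1")
    except ValueError as err:
        print("rejected:", err)
```

Because the substituted value comes from log data, validating and percent-encoding it keeps the request confined to the single path or query position the template defines.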