DNS and firewall AI discovery

DNS resolver and firewall logs help Venturi detect direct AI-provider traffic that does not pass through an instrumented gateway.

Release state

This guide documents the read-only dns_firewall_log_analysis connector implemented in the platform connector surface.

Required access

Grant read-only log access:

Scope                               Purpose
dns.query_logs.readonly             Read resolver query logs.
firewall.connection_logs.readonly   Read firewall egress logs.

Do not grant policy-write, blocking, allow-list, or firewall-rule mutation permissions.

Setup

  1. Select DNS and firewall sources with AI-provider egress visibility.
  2. Create read-only log credentials for those sources.
  3. Store credential references in Venturi.
  4. Set ARGMIN_DNS_FIREWALL_LOOKBACK_HOURS if the default 24-hour poll window is not appropriate.
  5. In Venturi, open Administration -> Connectors -> DNS/firewall log analysis and run Test connection.

Verification

  • The connector reports ready sources for each reachable log source.
  • Provider-domain matches appear as detected-only observations.
  • Direct API endpoint matches are labeled as discovery evidence, not request attribution.
  • The connector does not mutate DNS or firewall policy.
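
An added example, not Venturi's connector code, of the provider-domain matching described above: it scans resolver query lines inside the lookback window and emits detected-only observations. The log line format, the provider hostname list, the observation field names and the function names are assumptions made for illustration.

```python
import os
from datetime import datetime, timedelta, timezone

# Assumption: illustrative provider API hostnames, not Venturi's own list.
PROVIDER_DOMAINS = {
    "api.openai.com": "OpenAI",
    "api.anthropic.com": "Anthropic",
    "generativelanguage.googleapis.com": "Google",
}
# Poll window from the setup steps; 24 hours is the documented default.
LOOKBACK_HOURS = int(os.environ.get("ARGMIN_DNS_FIREWALL_LOOKBACK_HOURS", "24"))

# Constructed sample lines: "<UTC timestamp> <client IP> <query name> <type>"
SAMPLE_LOG = """\
2024-05-02T09:15:00Z 10.0.4.17 api.openai.com. A
2024-05-02T09:16:10Z 10.0.4.17 www.example.org. A
2024-05-02T10:01:45Z 10.0.9.3 API.Anthropic.com. AAAA
2024-04-30T08:00:00Z 10.0.9.3 api.openai.com. A
2024-05-02T10:05:00Z 10.0.9.3 api.openai.com.lookalike.example. A
malformed line
"""

def match_provider(qname):
    """Return the provider for an exact or subdomain match, else None."""
    name = qname.rstrip(".").lower()  # DNS names are case-insensitive
    for domain, provider in PROVIDER_DOMAINS.items():
        if name == domain or name.endswith("." + domain):
            return provider
    return None

def discover(log_text, now, lookback_hours=LOOKBACK_HOURS):
    """Read-only pass over resolver logs; returns detected-only observations."""
    cutoff = now - timedelta(hours=lookback_hours)
    observations = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed entries instead of failing the poll
        try:
            ts = datetime.fromisoformat(parts[0].replace("Z", "+00:00"))
        except ValueError:
            continue
        provider = match_provider(parts[2])
        if provider and cutoff <= ts <= now:
            # A lookup shows a client resolved the name, not that a request was sent.
            observations.append({"client": parts[1], "provider": provider,
                                 "seen": ts, "status": "detected-only",
                                 "evidence": "dns-query"})
    return observations
```

The lookalike name is rejected because matching is anchored on the full provider hostname as a suffix label, which keeps unrelated domains out of the observations.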

Rotation and offboarding

Rotate log-reader credentials through the relevant DNS or firewall system. Removing the connector stops new detected-only observations from those logs.