Connect Dnsfilter to Definable AI

DNSFilter provides cloud-based DNS security and content filtering solutions to protect networks from online threats and manage internet usage.

About Dnsfilter

Dnsfilter is a productivity tool. Connect it to Definable AI with one-click OAuth2 — no API keys or custom code required.

What you can automate with Dnsfilter

Use Definable AI's agent platform to trigger workflows from Dnsfilter, process results with 50+ AI models, and sync data across 900+ connected apps.

Tools & Actions (186 available)

  • Add Allowed Application: Adds a single application to the allow list of a policy in DNSFilter. Use this action when you need to permit a specific application through the filtering policy. The application will be added to the policy's allow_applications list and will be allowed regardless of other blocking rules. This is useful for whitelisting specific applications that need to function while maintaining strict filtering policies for other traffic.
  • Add Allowlist Domains to Policies: Tool to bulk add one or more domains to one or more policies' allow lists. Use when you need to permit specific domains across multiple policies efficiently, bypassing filtering rules for trusted sites.
  • Add Blacklist Category To Policy: Tool to add a single category to a policy's blocklist. Use when you need to block a specific content category for a DNS filtering policy. The category will be added to the existing blacklist categories without affecting other policy settings.
  • Add Blacklist Domain To Policy: Tool to add a single domain to a policy's blocklist. Use when you need to block a specific domain under a DNS filtering policy. The domain will be added to the policy's blacklist and blocked from access for users under that policy.
  • Add Blocked Application: Adds a single application to the block list of a policy in DNSFilter. Use this action when you need to block a specific application through the filtering policy. The application will be added to the policy's block_applications list and will be blocked regardless of other allow rules. This is useful for blocking specific applications that should not be accessible while maintaining other filtering policies.
  • Add Blocklist Domains To Policies: Tool to add one or more domains to the blocklist of multiple policies at once. Use when you need to block specific domains across multiple filtering policies efficiently. The operation applies all specified domains to all specified policies in a single API call.
  • Add Whitelist Domain: Tool to add a single domain to a policy's allowlist. Use when you need to permit a specific domain for a policy, bypassing filtering rules for that trusted site.
  • Bulk Create Networks: Bulk create multiple networks in DNSFilter with a single API call. Use when you need to create multiple networks at once for efficiency. Each network requires at minimum a name; optional fields like physical address, coordinates, description, and policy assignment can be included for better organization.
  • Bulk Update Networks: Tool to bulk update multiple networks with specified configuration changes. Use when you need to apply the same settings (policy, block page, VPN status) to multiple networks simultaneously instead of updating them one by one. This action creates an asynchronous bulk update job that processes multiple networks. Common use cases include: - Applying a new policy to multiple branch office networks - Enabling/disabling legacy VPN across multiple locations - Standardizing block page settings for multiple networks - Updating scheduled policies for multiple sites The operation returns a job ID immediately and processes updates in the background. For updating all networks in an organization, use ids='all' and provide organization_id.
  • Cancel Organization: Sets an organization as 'Canceled' in DNSFilter by its unique ID. Use this action when you need to cancel an organization's service. The organization will be marked as canceled but may not be immediately deleted depending on billing cycles.
  • Check User Agent Bulk Updates Has Mixed: Check if user agent attributes are mixed in a bulk selection. Use this to determine whether block pages, policies, sites, or tags differ across the selected user agents before performing bulk updates. This helps identify configuration inconsistencies and plan bulk update operations.
  • Create API Keys: Creates a new API key in DNSFilter for authentication and API access. This action generates a new API key that can be used to authenticate API requests to DNSFilter. The API key is returned only once upon creation and should be stored securely. You can optionally set an expiration date to enforce key rotation policies. Use cases include: - Creating keys for automated integrations - Generating keys for third-party service access - Setting up keys with specific expiration policies IMPORTANT: The API key value is only returned in the creation response. Store it securely as it cannot be retrieved later.
  • Create CyberSight CSV Export: Creates a CyberSight CSV export record to track export of CyberSight report information. This action initiates an export of CyberSight activity logs to CSV format. The export is processed asynchronously - the response includes a UUID to track the export status. Once processing is complete, the response will contain a presigned S3 URL to download the CSV file. Common use cases: - Exporting activity logs for compliance reporting - Downloading filtered CyberSight data for analysis - Creating scheduled reports of network activity The export can be filtered by organization, time range, activity type, and various other criteria. Required fields are report_type, start_at, and end_at. The export URL will be available once processing is complete (usually within a few minutes depending on data volume).
  • Create IP Address: Creates a new IP address entry in DNSFilter for network filtering and policy enforcement. This action registers an IPv4 or IPv6 address with a specific network in DNSFilter, allowing that IP to be subject to the network's filtering policies. Common use cases include: - Adding gateway or router IP addresses - Registering office or branch location IPs - Including failover or WAN link IPs Prerequisites: - Must have a valid network_id (use LIST_NETWORKS to retrieve available networks) - The IP address must be a valid IPv4 or IPv6 format - User must have authorization to create IP addresses in the target network Returns the created IP address details including its unique ID and UUID for future reference.
  • Create MAC Address: Creates a new MAC address entry in DNSFilter with the specified data. This action registers a MAC address with a specific organization in DNSFilter, allowing that MAC address to be subject to custom filtering policies and block pages. Common use cases include: - Adding device MAC addresses for network access control - Assigning custom policies to specific devices - Managing device-level filtering in BYOD environments Prerequisites: - Must have a valid organization_id (use LIST_ORGANIZATIONS to retrieve available organizations) - The MAC address should be in valid format with colons (e.g., '00:11:22:33:44:55') - User must have authorization to create MAC addresses in the target organization Returns the created MAC address details including its unique ID for future reference.
  • Create Networks: Creates a new network with the specified configuration in DNSFilter. Networks represent locations or groups of devices that will be protected by DNSFilter's DNS filtering policies. Use this action to set up filtering for office locations, remote workers, or any group of devices that need DNS security. Required fields are network name and organization_id. Optional settings include custom block pages, IP addresses, local domain handling, and policy assignments. The action returns the complete network details including its unique ID and UUID for future operations.
  • Create Organization User: Adds a new or existing user with the specified email to an organization in DNSFilter. This action creates a user association with a specific organization, assigning them a role (administrator or read_only). If the user email already exists in DNSFilter, it adds that existing user to the organization. If the email is new, it creates a new user account. Common use cases: - Adding administrators to manage organization settings - Granting read-only access to stakeholders or auditors - Managing multi-organization access with permission lists Prerequisites: - Must have a valid organization_id (use LIST_ORGANIZATIONS to retrieve) - User must have administrator permissions in the organization - Email must be valid and unique within the organization Returns the created user details including their ID, role, and contact information.
  • Create Policies: Creates a new DNS filtering policy with the specified configuration in DNSFilter. Policies define filtering rules including blocked/allowed categories, domain lists, safe search enforcement, and application controls. Use this action to create filtering policies that can be applied to networks, IP addresses, or MAC addresses for content filtering and security enforcement. Required fields are policy name and organization_id. Optional settings include category blocking, domain allow/block lists, safe search enforcement for multiple search engines, application controls, and YouTube restrictions.
  • Create Scheduled Policy: Creates a new scheduled (time-based) policy in DNSFilter. Scheduled policies allow different filtering policies to be applied during different times of the week based on a weekly schedule divided into 15-minute intervals. Use this action to implement time-based filtering rules such as stricter policies during school/work hours and relaxed policies during evenings or weekends. The policy_ids array must contain exactly 672 integers representing each 15-minute block of the week starting from Monday 12:01am. Each policy ID can be reused for multiple time blocks to create consistent filtering periods.
  • Create Scheduled Report: Creates a scheduled report in DNSFilter to automate regular delivery of network activity and security summaries. Use this to set up periodic reports that track web traffic, threats, and content filtering patterns for your organization. Required fields are organization_id and frequency. Optional settings include threat summaries, content category breakdowns, delivery schedules, and recipient lists. The scheduled report will be generated and sent automatically according to the specified frequency. Use this when you need regular visibility into network filtering activity without manual report generation.
  • Create Scheduled Report Previews: Creates a scheduled report preview for an organization, triggering background generation of the report. This action initiates the generation of a preview for scheduled reports in DNSFilter. The preview includes filtered content statistics and threat summaries based on the organization's DNS filtering activity. Use this when you need to generate a sample report to review filtering effectiveness or prepare regular scheduled reports. The report generation happens asynchronously in the background after creation.
  • Create User Agent Bulk Deletes: Create a user agent bulk delete operation in DNSFilter. Use when you need to delete multiple user agents at once based on explicit IDs or filter criteria. This action allows you to either: 1. Delete specific agents by providing their IDs in the 'ids' parameter 2. Delete agents matching filter criteria (agent_state, network_ids, tags, etc.) 3. Combine filters with exclude_ids to protect specific agents from bulk deletion The 'queue_uninstall' parameter determines deletion behavior: - True: Hard delete with agent uninstallation - False: Soft delete (agent deactivation) Common use cases: - Remove all unprotected agents from a specific network - Delete agents that haven't received traffic recently - Clean up agents with a specific version or status - Bulk remove agents by tags or organization
  • Create User Agent Cleanup: Creates a user agent cleanup to track bulk deletion of inactive user agents in DNSFilter. This action initiates a cleanup process that identifies and deletes user agents that have been inactive for a specified number of days across one or more organizations. The cleanup helps maintain an accurate inventory by removing stale agent entries that are no longer in use. Use cases: - Removing outdated agents from decommissioned devices - Cleaning up test agents after evaluation periods - Maintaining accurate license counts by removing inactive agents Returns details about the cleanup operation including which agents will be deleted and the status of the cleanup process.
  • Delete API Key: Tool to remove an API key by its ID. Use when you need to revoke or delete an existing API key from the DNSFilter system. Returns success on 204 No Content.
  • Delete IP Address: Removes an IP address from DNSFilter by its unique ID. Use this action when you need to unregister an IP address from a network, such as when decommissioning equipment or removing access.
  • Delete MAC Address: Deletes a MAC address entry from DNSFilter by its ID. Use this action when you need to remove a MAC address from your network filtering configuration. You must provide the numeric ID of the MAC address to delete. The action returns the deleted resource information in JSON:API format, including the ID, type, and UUID of the removed MAC address.
  • Delete Networks (Bulk): Bulk destroy multiple networks in DNSFilter. Use when you need to delete multiple networks at once or all networks in an organization.
  • Delete Policies: Deletes a DNS filtering policy from DNSFilter by its unique ID. Use this action when you need to remove a policy that is no longer needed. Note that the API performs a soft deletion, setting a deleted_at timestamp on the policy record.
  • Delete Scheduled Policies: Removes a scheduled policy from the DNSFilter database by its unique ID. Use this action when you need to delete a scheduled policy that is no longer needed or was created in error.
  • Delete Scheduled Report: Tool to delete a scheduled report by its ID. Use when you need to remove a scheduled report from the DNSFilter system. Returns the deleted report data.
  • Get API Key: Tool to retrieve detailed information about a specific API key by its ID. Use when you need to display or verify the details of an existing API key.
  • Get Application Category: Retrieves detailed information about a specific DNSFilter application category by its ID. Application categories group applications for filtering policies (e.g., Business, VPN And Proxy, GenAI & ML). Use LIST_APPLICATION_CATEGORIES to discover available category IDs first.
  • Get Billing Address: Retrieves the billing address for a specific DNSFilter organization. Use when you need to access or verify billing contact information, shipping addresses, or organization location details for invoicing purposes.
  • Get Billing Information: Retrieves billing records for a specific DNSFilter organization. Returns a list of billing records including amounts, payment status, and billing periods. Returns an empty list if no billing records exist for the organization. Use this when you need to access billing history, verify payment status, or generate billing reports.
  • Get Category: Tool to get basic information of a specific category. Use when you need to retrieve details for a category by its ID.
  • Get IP Address: Retrieves detailed information for a specific IP address record by its ID. Use this action when you need to fetch complete metadata, network relationships, and attributes for a particular IP address that you've already identified (e.g., from the List IP Addresses action). The response includes the IP address in both short and full notation, along with associated network and organization IDs.
  • Get MAC Address: Retrieves detailed information for a specific MAC address record by its ID. Use this action when you need to fetch complete metadata and attributes for a particular MAC address that you've already identified (e.g., from the List MAC Addresses action). The response includes the MAC address value, name/label, organization and location associations, and timestamps in JSON:API format.
  • Get My IP Address: Tool to retrieve the requester's IP address as reported by DNSFilter API. Use when you need to determine the public IP address from which API requests are being made.
  • Get Networks Bulk Create Status: Tool to check the status of a bulk network creation job. Use when you need to monitor the progress or completion of a bulk network creation operation, or to retrieve the results (successful, failed, and skipped counts) of a completed bulk job.
  • Get Networks Bulk Destroy Status: Check the status of a bulk network destroy operation. Use this action after initiating a bulk destroy to monitor progress and see which networks were successfully destroyed, failed, or skipped.
  • Get Networks Bulk Update Status: Check the status of a bulk network update job. Use this action to monitor the progress and results of a bulk update operation after initiating it. The response indicates completion status, success/failure counts, and IDs of affected networks.
  • Get Networks CSV Export: Retrieves a networks CSV export by its ID. Use this action when you need to check the status of a CSV export or get the download URL for the exported data.
  • Get Notes: Tool to retrieve notes associated with a specific resource (policy, MSP, or organization) and domain. Use when you need to fetch allow/block notes for a particular domain within a given resource context.
  • Get Organization: Tool to get basic information of a specific organization by ID. Use when you need to retrieve detailed organization configuration, billing details, feature flags, and network relationships for a particular organization.
  • Get Organization Usage Detailed Metrics: Retrieves detailed usage metrics for a specific DNSFilter organization. Use this when you need comprehensive usage statistics including user counts, WiFi networks, roaming clients, and DNS request volumes for a given time period. This endpoint fetches user_count and wifi_count directly from the database and includes roaming client counts.
  • Get Organization Usage Metrics: Retrieves usage metrics for a DNSFilter organization over a specified date range. Returns DNS query counts, user statistics, and billing information. The maximum allowed date range is 365 days. Use this when you need to analyze organization activity, generate usage reports, or monitor DNS request volumes.
  • Get Organization User: Tool to retrieve user details and permissions for a specific organization. Use when you need to fetch information about a particular user within an organization, including their role, contact details, and permission settings.
  • Get Policy: Tool to get basic information of the specified policy. Use when you need to retrieve details for a specific policy by its ID.
  • Get Policy IP: Retrieves basic information for a specific Policy IP by its ID. Use this action when you need to fetch DNS server IP addresses (primary and secondary) associated with a particular policy. The response includes the Policy IP's UUID and the DNS server addresses that can be used for DNS filtering.
  • Get Policy Permissive Mode: Tool to retrieve the permissive mode setting for a specific policy. Use when you need to check if a policy has permissive mode enabled or disabled.
  • Get Scheduled Report Preview: Tool to retrieve a specific scheduled report preview by its ID. Use when you need to view the preview data for a scheduled report before it's sent.
  • Get User: Tool to get basic information of a specified user by ID. Use when you need to retrieve user details such as email, name, role, and verification status.
  • Get User Agent CSV Export: Tool to retrieve a specific user agent CSV export by its ID. Use when you need to check the status of a CSV export and obtain the download URL once ready.
  • Get User Agent Cleanup: Tool to get the specific user agent cleanup by ID. Use when you need to retrieve the status and details of a user agent cleanup process, including which agents are marked for deletion and whether the cleanup has completed.
  • Get User Agents Uninstall PIN: Tool to get the uninstall PIN for an organization's user agents. Use when you need to retrieve the PIN required to uninstall user agents protected by PIN authentication.
  • List API Keys: Retrieves the list of API keys associated with the authenticated user. Use this to view all API keys, check their expiration status, or filter by specific criteria such as name or organization. Supports filtering by expiration, ID, name, organization, and last four characters of the token.
  • List Agent Local Users: Tool to list agent local users associated with an organization. Use when you need to retrieve agent local users with basic information, optionally filtered by name, organization, or collection status.
  • List All Agent Local Users: Get all agent local users associated with a user organization. Returns basic information about agent local users including their IDs, types, and relationships. Use filters to narrow results by collection membership, name, or organization.
  • List All Applications: Tool to list all applications basic information including deleted ones. Use when you need a comprehensive list of all application entries without filtering out deleted applications.
  • List All Block Pages: Retrieves all block pages associated with the current user. Block pages are custom HTML pages displayed when users attempt to access blocked websites. Use this when you need a complete list of all configured block pages without pagination.
  • List All Categories: Tool to list all categories including internal categories. Use when you need the complete set of filtering categories.
  • List All Categories (Including Internal): Tool to list all categories including internal categories from DNSFilter. Returns comprehensive category information with pagination support. Use when you need the complete set of categories including system/internal categories.
  • List All IP Addresses: Retrieves all IP addresses across all networks in your organization. This tool automatically handles pagination to fetch complete results. Use this when you need a comprehensive list of all IP address entries without filtering.
  • List All IP Addresses (All Endpoint): Tool to retrieve all user-associated IP addresses with basic information. Use when you need to get the complete list of IP addresses using the dedicated /all endpoint with optional pagination.
  • List All MAC Addresses: Tool to get all MAC addresses associated with a user with basic information. Use when you need to retrieve MAC addresses across organizations with optional filtering by organization IDs.
  • List All MAC Addresses: List all MAC addresses across all organizations and locations without pagination. Returns the complete list of MAC address entries with details including ID, organization/location associations, the MAC address itself, name/label, and timestamps. Use this when you need the full inventory of MAC addresses. For paginated or filtered results, use LIST_MAC_ADDRESSES instead.
  • List All MSP Networks: Tool to retrieve ALL networks associated with the MSP user with basic information. Use when you need a comprehensive list of all MSP-managed networks for a specific organization ID. Supports pagination and various options to control IP address details.
  • List All Network Subnets: Tool to list site subnets with basic information. Use when you need to retrieve all network subnets, optionally filtered by organization.
  • List All Networks: Tool to retrieve ALL networks associated with the user with basic information. Use when you need a comprehensive list of all networks with optional filtering by protection status or search terms. Supports pagination and various options to control the level of detail returned.
  • List All Organizations: Tool to get all organizations with optional filtering by type, MSP relationships, or name. Use when you need to retrieve organizations with specific criteria or pagination. Supports filtering by organization type (normal, msp, sub_organization), MSP ownership, and name patterns.
  • List All Policies: Tool to retrieve ALL user-associated policies with basic information. Use when you need a comprehensive list of all policies associated with the user account, with optional filtering by organization or inclusion of global policies. Supports pagination for large datasets.
  • List All Scheduled Policies: Tool to retrieve ALL scheduled policies associated with the current user. Use when you need a comprehensive list of all time-based policies with pagination support.
  • List All User Agents: Tool to retrieve ALL user agents with basic information. Use when you need a comprehensive list of all user agents, optionally filtered by network, organization, state, status, or tags. Supports pagination and sorting.
  • List All Users: Tool to get all users basic information with optional pagination. Use when you need to retrieve a list of users in the organization with their profile details including name, email, and contact information.
  • List Application Categories: Retrieves all available application categories from DNSFilter. Application categories group SaaS applications and services (e.g., Business, Messaging, File Sharing, VPN And Proxy) and are used to apply filtering policies. Returns a list of categories with their IDs, names, UUIDs, and descriptions. Use this to discover available categories before configuring policies or filtering rules.
  • List Applications: List applications configured in your DNSFilter organization. Returns application details including ID, name, timestamps, and team association. Supports pagination for large result sets.
  • List Billing: Retrieve payment method information from Stripe for a DNSFilter organization. Returns details about the registered payment method including card information, billing address, and expiration dates. Returns empty response if no payment method is configured. Use this when you need to verify payment method setup or check billing details.
  • List Block Pages: List all custom block pages for the authenticated DNSFilter account. Block pages are custom HTML pages displayed to users when they attempt to access blocked websites. This tool retrieves all configured block pages with their details including name, preview URL, and default status. Use this when you need to view available block pages before assigning them to policies or networks.
  • List Categories: Retrieves all available DNSFilter website filtering categories. Returns categories like Adult Content, Malware, Social Networking, etc. that can be used to configure content filtering policies. Use this to discover available categories before setting up filtering rules or to view the complete catalog of filterable content types.
  • List Current User: Tool to fetch information about the currently authenticated user. Use when you need to retrieve the profile details of the user associated with the current API credentials, including their name, email, and contact information.
  • List CyberSight Activity Types: Tool to retrieve all available CyberSight activity types. Use when you need the complete dictionary of activity types for CyberSight reports.
  • List Domains Bulk Lookup: Retrieves domain information and category classifications for multiple FQDNs in a single request. Use this action to perform bulk lookups of domain categories and classifications. This is useful when you need to check the category status of multiple domains at once, rather than making individual requests for each domain. The response includes category information and other domain attributes for each requested FQDN.
  • List Domains User Lookup: Tool to look up all domains associated with a particular FQDN. Returns domain information including category classification, identifiers, and related metadata. Use when you need to retrieve domain details or check the categorization status of a specific fully qualified domain name.
  • List Enterprise Connections: List all enterprise connections for a DNSFilter organization. Use this to retrieve information about external identity provider integrations and enterprise authentication connections configured for the specified organization.
  • List IP Addresses: List IP addresses in your DNSFilter organization. Retrieves a paginated list of IP addresses with their network associations. You can filter results by network_id and control pagination with page and page_size parameters. Each IP address includes its address, network_id, organization_id, and network relationships.
  • List Invoices: Retrieves billing invoices for a DNSFilter organization with pagination and sorting support. Returns invoice details including amounts, statuses, creation dates, and due dates. Use this when you need to view billing history, check payment status, or retrieve invoice information for accounting purposes.
  • List Invoices (v2): Gets user associated invoices, most recent first. Use this when you need to retrieve billing invoices for a specific organization using the organization ID as a query parameter.
  • List MAC Addresses: Tool to list MAC addresses associated with an organization. Use when you need to retrieve basic MAC address information, optionally filtered by organization or paginated.
  • List Network Subnets: Tool to retrieve subnets associated with a specific network. Use when you need to get subnet information for a particular network ID.
  • List Networks: List all networks (sites) in your DNSFilter organization. Networks represent locations or groups of devices protected by DNSFilter's DNS filtering. Each network has associated policies, IP addresses, and configuration settings. Use this action to retrieve comprehensive network information including policy assignments, IP addresses, and network metadata.
  • List Networks Geo: Tool to retrieve networks with geographical information only. Use when you need location data (latitude, longitude, physical address) for networks in your DNSFilter organization. This action returns a simplified view focused on network location data without full configuration details.
  • List Networks MSP: Get MSP user associated networks with basic information. Use this to retrieve networks managed under an MSP (Managed Service Provider) organization with their configuration details, policy assignments, and IP addresses.
  • List Organization Users: Tool to get the users for a specified organization. Use when you need to retrieve a list of all users associated with an organization, including their roles, permissions, and authentication details.
  • List Organizations: List all organizations associated with the authenticated DNSFilter account. Returns detailed organization information including billing details, feature flags, network relationships, and configuration settings. The response follows JSON:API specification with pagination links.
  • List Organizations Settings: Tool to get basic information and settings of the specified organization. Use when you need to retrieve organization configuration, settings, or details.
  • List Policies: Tool to retrieve basic information about user-associated policies. Use when you need to list all available policies for filtering configuration or policy management tasks.
  • List Policies for Application: Tool to retrieve policies information for a specific application. Use when you need to see which policies allow or block a particular application, along with application and organization details.
  • List Policy IPs: List policy IPs in your DNSFilter organization. Retrieves basic information about user-associated policy IPs including their DNS server addresses (primary and secondary). Use when you need to view all available policy IP configurations for DNS filtering.
  • List QP Methods: Tool to list all QP (Query Protection) methods available in DNSFilter. Use when you need to retrieve the dictionary of query protection methods.
  • List Scheduled Policies: Tool to retrieve scheduled policies associated with the current user. Use when you need to list time-based policies that control filtering rules based on schedules.
  • List Top Organizations by Requests: Get the top organizations ranked by total number of DNS requests over a specified time period. Returns organizations with the highest request volumes, useful for identifying most active organizations and analyzing usage patterns. Results are paginated with configurable page size (max 100 per page).
  • List Total Categories by Organizations: Get the total number of DNS requests by category for organizations over a specified time period. Returns aggregated statistics showing how many requests were made to each category (e.g., Social Networking, News, Streaming) across one or more organizations. Use this to analyze category-level traffic distribution, understand which content types are most accessed, and track trends across organizational boundaries.
  • List Total Domains by Organizations: Get the total number of DNS requests by domain for organizations over a specified time period. Returns aggregated statistics showing how many requests were made to each domain across one or more organizations. Use this to analyze domain-level traffic distribution, understand which domains are most accessed, and track trends across organizational boundaries.
  • List Total Organizations Requests: Get the total number of DNS requests for organizations in a specified time period. Returns time-series data showing request volumes aggregated by configurable time buckets. Use this to analyze overall traffic patterns and monitor DNS query volumes across organizations. Supports extensive filtering by agents, applications, categories, networks, domains, and traffic type.
  • List Total Requests Organizations: Get the total number of DNS requests for organizations in a specified time period. Returns time-series data showing request volumes aggregated by configurable time buckets (15 minutes or 1 day). Use this to analyze traffic patterns by organization, identify peak usage times, and monitor DNS request volumes broken down by allowed, blocked, and total counts.
  • List Total Threats by Collections: Tool to retrieve the total number of threats for collections over a specified time period. Use when you need to analyze threat patterns, generate security reports, or monitor DNS-based threats blocked by DNSFilter across different collections.
  • List Total Threats by Organizations: Get the total number of threats detected for organizations over a specified time period. Returns aggregated threat statistics showing how many malicious or dangerous DNS requests were identified across one or more organizations. Use this to monitor security posture, identify at-risk organizations, and track threat trends over time.
  • List Traffic Reports QPS: Get queries per second (QPS) metrics for DNS traffic over a specified time period. Returns time-series data showing DNS query volume aggregated by configurable time buckets (1 minute, 15 minutes, or 1 day). Use this to analyze traffic patterns, identify peak usage times, and monitor DNS query volumes. Supports extensive filtering by networks, organizations, agents, applications, IP addresses, and traffic type (allowed/blocked/threats).
  • List Traffic Reports QPS Active Agents: Get queries per second (QPS) statistics for roaming clients over a time period. Returns the total number of DNS queries per second for active agents (roaming clients) with optional filtering by agent, organization, application, network, and other criteria. The maximum time range is 20 minutes. Use this action to monitor real-time DNS query loads and analyze traffic patterns for roaming clients.
  • List Traffic Reports QPS Active Collections: Tool to retrieve queries per second (QPS) metrics for active collections over a specified time period. Returns the total number of DNS queries per second grouped by collections. The maximum time range is 20 minutes. Use this to monitor query volume and traffic patterns across different collections in your DNSFilter organization.
  • List Traffic Reports QPS Active Organizations: Retrieves the total number of queries per second (QPS) over a time period for active organizations. Use this action to analyze DNS query traffic patterns and volume for organizations. The maximum time range is 20 minutes between the from and to parameters.
  • List Traffic Reports QPS Active Users: Get the total number of queries per second (QPS) in a time period (maximum 20 minutes) for active users. Use this to monitor traffic patterns and identify high-activity users. Supports filtering by user agents, networks, organizations, IP addresses, and traffic types (allowed/blocked/threats).
  • List Traffic Reports Query Logs: Get query raw logs from DNSFilter traffic reports in a specified period of time. Use this to retrieve detailed DNS query logs with extensive filtering options including time range, domains, networks, user agents, IP addresses, and query results (allowed/blocked). Supports pagination for large result sets.
  • List Traffic Reports Top Agents: Get the top user agents by DNS traffic volume in a specified time period. Returns ranked list of agents with associated traffic metrics. Use this to identify most active agents, analyze agent-level usage patterns, and monitor individual device or user traffic. Supports filtering by agent attributes, networks, organizations, IP addresses, and traffic type. Results are paginated for large datasets.
  • List Traffic Reports Top Application Categories: Get the top application categories domains in a period of time. Returns a paginated list of application categories ranked by DNS query volume, with support for filtering by networks, organizations, agents, time range, and traffic type. Use this to analyze which application categories (e.g., social media, streaming, productivity) are most frequently accessed in your network.
  • List Traffic Reports Top Categories: Get the top domain categories accessed during a specified time period. Returns category-level statistics showing which website categories (e.g., Social Networking, News, Streaming) are most frequently accessed. Use this to understand browsing patterns, identify potential policy needs, and analyze category-level traffic trends across your organization.
  • List Traffic Reports Top Collections: Tool to retrieve the top collections by traffic volume over a specified time period. Returns collection-level metrics showing which collections have the most DNS query activity. Use this to identify the most active collections in your DNSFilter organization and analyze traffic distribution across collections.
  • List Traffic Reports Top Domains: Get the top requested domains over a specified time period. Returns a list of the most frequently queried domains with request counts, helping identify popular sites, potential issues, or security concerns. Use this to analyze domain access patterns, monitor bandwidth usage, and detect anomalous traffic. Supports extensive filtering by networks, organizations, agents, applications, IP addresses, and traffic type (allowed/blocked/threats). Results are paginated and can be filtered by domain prefix or FQDN substring.
  • List Traffic Reports Top Networks: Get the top networks ranked by DNS traffic volume over a specified time period. Returns network traffic metrics showing which networks generated the most DNS queries. Use this to identify high-traffic networks, monitor network activity levels, and analyze traffic distribution across your organization.
  • List Traffic Reports Top Organizations: Gets the top organizations by DNS traffic volume over a specified time period. Use this action to identify which organizations are generating the most DNS queries. Supports pagination and extensive filtering by time range, networks, agents, applications, IP addresses, and traffic type.
  • List Traffic Reports Top Users: Get the top users by DNS query volume over a specified time period. Returns user activity metrics showing which users generated the most DNS traffic, with support for pagination and extensive filtering. Use this to identify high-volume users, analyze user behavior patterns, and monitor individual user activity across networks and organizations.
  • List Traffic Reports Total Applications Agents Stats: Get statistics of number of requests for roaming clients by application in a period of time. Returns aggregated request counts grouped by application for active agents (roaming clients) with optional filtering by agent, organization, application, network, and other criteria. Use this action to analyze which applications are generating the most DNS traffic from roaming clients.
  • List Traffic Reports Total Applications Collections Stats: Get statistics of number of requests for collections by application over a specified time period. Returns aggregated data showing how many DNS requests were made for each application within different collections. Use this to analyze application usage patterns across collections and understand which applications are generating the most traffic.
  • List Traffic Reports Total Applications Networks Stats: Get statistics showing the number of requests for sites by application across networks over a specified time period. Use this to analyze application usage patterns and DNS query volumes per application across your network infrastructure. Supports extensive filtering by networks, organizations, agents, applications, application categories, IP addresses, and traffic type (allowed/blocked/threats).
  • List Traffic Reports Total Applications Organizations: Tool to get statistics of number of requests for organizations by application in a period of time. Use when you need to analyze application usage patterns across different organizations within a specified time range.
  • List Traffic Reports Total Applications Stats: Get statistics of number of requests by application in a time period. Returns aggregated data showing how many requests were made to each application, useful for understanding traffic patterns and application usage across your DNSFilter deployment. Use when you need to analyze application-level traffic patterns or generate usage reports.
  • List Traffic Reports Total Applications Users Stats: Get statistics of the number of requests for users by application within a specified time period. Returns detailed application usage data broken down by user, showing which users are accessing which applications and how frequently. Use this to understand application usage patterns across users, identify heavy application users, and analyze user-level application access trends.
  • List Traffic Reports Total Categories: Get the total number of requests by category for sites in a period of time. Returns aggregated statistics showing how many DNS requests were made to each website category during the specified time range. Use this to understand category-level traffic patterns and analyze DNS request volumes across different website categories.
  • List Traffic Reports Total Categories Collections: Get the total number of DNS requests by category for collections over a specified time period. Returns aggregated statistics showing request counts grouped by website categories across collections. Use this to analyze category-level traffic patterns for collection-based deployments and identify browsing trends.
  • List Traffic Reports Total Categories for Agents: Get the total number of requests by category for roaming clients (user agents) during a specified time period. Use this to analyze category-level traffic patterns for roaming/mobile users, understand which website categories roaming users access most, and track security threats by category across your roaming user base.
  • List Traffic Reports Total Category Stats: Tool to get the total number of stats for a category in a period of time. Use when you need to analyze category-level request statistics including allowed, blocked, and threat requests within a specified time range.
  • List Traffic Reports Total Client Stats: Gets the organization network, users and client stats from traffic reports. Returns total and active counts for sites, users, roaming clients, and relays. Use this when you need to understand the deployment scale and active usage of DNSFilter protection across an organization. Note: The time period between 'from' and 'to' parameters must not exceed 20 minutes.
  • List Traffic Reports Total Collections: Get the total number of DNS requests by collection for sites over a specified time period. Returns aggregated data showing how many requests were made for each collection, optionally grouped by network. Use this to analyze DNS query volume across collections and understand which collections are receiving the most traffic.
  • List Traffic Reports Total Collections Agents: Get the total number of requests by collection for roaming clients over a specified time period. Returns aggregated request counts grouped by collection with support for extensive filtering by agents, organizations, networks, applications, IP addresses, and traffic type. Use this action to analyze DNS traffic patterns for roaming clients across different collections.
  • List Traffic Reports Total Collections Organizations: Get the total number of DNS requests by collection for organizations over a specified time period. Returns aggregated data showing how many DNS requests were made for each collection within different organizations. Use this to analyze collection usage patterns across organizations and understand which collections are generating the most traffic.
  • List Traffic Reports Total Collections Users: Get the total number of DNS requests by collection for users over a specified time period. Returns aggregated request counts grouped by collections and users, with support for time bucketing and extensive filtering. Use this to analyze collection-level traffic patterns per user, identify high-volume collections for specific users, and generate detailed usage reports across organizations.
  • List Traffic Reports Total Deployments: Gets the organization deployments information including collections, relays, sync tools, user agents, and users. Use this to retrieve deployment metrics and statistics for an organization or filtered by MSP/networks.
  • List Traffic Reports Total Domain Requests: Get the total number of requests for a domain over a specified time period. Returns aggregate request counts for domains, helping analyze domain access patterns and traffic volumes. Supports filtering by domain prefix, networks, organizations, and MSP accounts.
  • List Traffic Reports Total Domain Stats: Tool to get the total number of stats for a domain in a period of time. Use when you need to analyze domain-level request statistics including allowed, blocked, and threat requests within a specified time range.
  • List Traffic Reports Total Domains: Get the total number of requests by domain for sites in a period of time. Returns aggregated statistics showing how many DNS requests were made to each domain during the specified time range. Use this to understand domain-level traffic patterns and analyze DNS request volumes across different domains.
  • List Traffic Reports Total Domains Collections: Tool to retrieve the total number of DNS requests by domain for collections within a specified time period. Use when you need to analyze which domains are being accessed most frequently, track collection-level traffic patterns, or generate domain usage reports. Supports extensive filtering by agents, networks, organizations, collections, time ranges, and traffic types (allowed/blocked). Results can be grouped by individual collections or aggregated across all collections.
  • List Traffic Reports Total Domains Users: Gets the total number of DNS requests by domain for users in a period of time. Use this when you need to analyze domain traffic patterns across users or generate traffic reports. At least one query parameter must be provided for the endpoint to work successfully.
  • List Traffic Reports Total Organizations Stats: Retrieves aggregated DNS traffic statistics across organizations for a specified time period. Returns total request counts (allowed, blocked, threats) and the organizations included in the report. Use this to monitor overall traffic patterns, identify security threats, and analyze DNS filtering effectiveness across your DNSFilter deployment.
  • List Traffic Reports Total Requests: Get the total number of DNS requests over a specified time period. Returns time-series data showing DNS request volumes aggregated by configurable time buckets (15 minutes or 1 day). Use this to analyze traffic patterns, identify peak usage times, and monitor DNS request volumes broken down by allowed, blocked, and total counts.
  • List Traffic Reports Total Requests Collections: Get the total number of requests for collections over a specified time period. Returns time-series data showing collection request volumes aggregated by configurable time buckets. Use this to analyze collection-specific traffic patterns and identify which collections are being used most frequently.
  • List Traffic Reports Total Requests Geo: Gets the total number of DNS requests by geographic location for organizations in a specified time period. Used for generating heatmap visualizations on the overview dashboard. Returns network IDs, organization IDs, and request counts grouped by geographic location.
  • List Traffic Reports Total Requests Users: Gets the total number of requests for users in a period of time. Use this to analyze DNS traffic patterns, monitor user activity, and generate reports on request volume. Supports extensive filtering by time range, user agents, networks, applications, and more. Results can be aggregated by different time buckets (15min or 1day) and optionally grouped by individual users.
  • List Traffic Reports Total Requests for Agents: Get the total number of requests for roaming clients (user agents) during a specified time period. Use this to analyze overall traffic volume from roaming/mobile users, track request patterns over time, and monitor total DNS query activity across your roaming user base.
  • List Traffic Reports Total Roaming Clients: Gets the roaming clients information for the specified organization. Use this to retrieve roaming client statistics and deployment information across organizations.
  • List Traffic Reports Total Threats: Get the total number of threats detected over a specified time period. Returns time-series data showing threat volumes aggregated by configurable time buckets (15 minutes or 1 day). Use this to monitor security threats, analyze threat patterns over time, and identify when threat activity is highest across networks and organizations.
  • List Traffic Reports Total Threats Agents: Get the total number of threats for roaming clients in a period of time. Returns time-series data showing threat counts aggregated by configurable time buckets for agents (roaming clients). Use this to analyze security threat patterns and monitor blocked malicious domains or categories detected for roaming clients.
  • List Traffic Reports Total Threats Users: Get the total number of threats for users in a period of time. Returns aggregated statistics showing security threats detected across users during the specified time range. Use this to monitor user-level threat activity and identify users encountering security issues.
  • List Traffic Reports by Category for Users: Gets the total number of DNS requests by category for users in a specified time period. Returns aggregated traffic data showing which content categories were accessed and by which users. Use this to analyze user browsing patterns, identify high-traffic categories, or generate security reports for a given time range.
  • List User Agent Bulk Deletes Counts: Tool to get user agent bulk delete counts by filtering criteria. Use when you need to determine how many user agents can be deleted or uninstalled and deleted based on various filters like agent state, network, tags, or online/offline status.
  • List User Agent Bulk Updates Counts: Tool to get user agent bulk delete counts by filters. Use when you need to determine how many user agents match certain criteria and whether they support remote uninstall. Returns counts of agents that can be deleted vs agents that can be both uninstalled and deleted.
  • List User Agent Releases: Gets a list of latest user agent releases for each unique combination of agent_type, architecture, release_channels, and white label. Use this to discover available agent versions for deployment across different platforms and release channels.
  • List User Agent Releases Relay: Tool to get a list of latest relay releases for each unique combination of architecture, release channels, and white label. Use when you need to retrieve available relay agent versions for deployment or updates.
  • List User Agent Tags: Retrieves all tags used by user agents on a network or organization. Tags help categorize and organize user agents for easier management and policy application. Use when you need to view available tags for filtering or grouping user agents.
  • List User Agents: List user agents with basic information in your DNSFilter organization. Use this action to retrieve user agents (installed client software) with filtering options for agent state, network, policy, and other attributes. Supports pagination and searching by keywords.
  • List User Agents CSV: Tool to export user agents as CSV data for a specific organization. Use when you need to retrieve a CSV-formatted list of user agents, optionally including suborg data.
  • List User Agents Counts: Tool to get counts of user agents for each status. Use when you need to retrieve statistics about user agents grouped by their protection status (protected, unprotected, bypassed, etc.). Supports filtering by organization, network, tags, and various other criteria.
  • List Users: Tool to get basic information for all users in your DNSFilter account. Use when you need to retrieve a list of users with their profile details. Supports pagination for large result sets.
  • Lookup Network By IP: Tool to get basic network information based on an IP address lookup. Use when you need to identify which network an IP belongs to and retrieve its block page configuration settings.
  • Remove Allowed Application: Removes a single application from the allow list of a policy in DNSFilter. Use this action when you need to revoke access for a specific application that was previously allowed. The application will be removed from the policy's allow_applications list and will no longer bypass filtering rules. This is useful for tightening security policies or removing applications that are no longer needed while maintaining the rest of the filtering configuration.
  • Remove Allowlist Domains from Policies: Tool to remove one or more domains from one or more policies' allow lists. Use when you need to bulk remove previously allowed domains from multiple policies at once, useful for security updates or policy cleanup.
  • Remove Blacklist Category: Tool to remove a single category from a policy's blocklist. Use when you need to unblock a specific content category that was previously restricted in a DNS filtering policy. The category will be removed from the policy's blacklist_categories array, allowing domains in that category to be accessed.
  • Remove Blacklist Domain From Policy: Tool to remove a single domain from a policy's blocklist. Use when you need to unblock a specific domain that was previously blocked by a policy, such as when correcting false positives or updating filtering rules. The domain will be removed from the specified policy's blacklist_domains list.
  • Remove Blocked Application: Removes a single application from the block list of a policy in DNSFilter. Use this action when you need to unblock a specific application that was previously blocked by the filtering policy. The application will be removed from the policy's block_applications list and will no longer be blocked by this policy. This is useful for allowing previously blocked applications while maintaining other filtering rules.
  • Remove Blocklist Domains: Tool to remove one or more domains from one or more policy block lists in bulk. Use when you need to unblock domains across multiple policies simultaneously, such as when removing false positives or updating block list policies.
  • Remove Whitelist Domain from Policy: Tool to remove a single domain from a policy's whitelist/allowlist. Use when you need to revoke access for a previously allowed domain, useful for security updates or policy cleanup.
  • Resend User Invite: Tool to resend an invitation email to a user in a DNSFilter organization. Use when a user hasn't received their original invitation or needs a new invitation link. The invitation will be sent to the user's registered email address.
  • Suggest Domain Threat: Submit a domain threat report to DNSFilter for review and potential threat categorization. Use this action when you have identified a suspicious or malicious domain that should be reported to DNSFilter. The submission will be reviewed by DNSFilter's security team and may result in the domain being categorized as a threat, which will improve protection for all DNSFilter users. This is typically used for reporting newly discovered phishing sites, malware distribution domains, spam sources, or other malicious domains that are not yet properly categorized.
  • Update Billing Address: Updates the billing address for a DNSFilter organization. Use this when you need to modify billing contact information, shipping addresses, or invoice recipient details for an organization.
  • Update Current User: Updates profile attributes for the currently authenticated DNSFilter user. Use this action to modify the user's first name, last name, or phone number. At least one field must be provided in the update request. Common use cases include updating contact information or correcting profile details.
  • Update Enterprise Connection: Updates an existing enterprise connection for SSO authentication in DNSFilter. Use this action to modify enterprise connection settings such as display name, identity provider configuration, authorized domains, role mappings, and OAuth credentials. Commonly used for updating OIDC, Okta, Azure AD, or Google Workspace SSO integrations. Note: To set a custom login URL, update the organization's 'unique_id' attribute using the PATCH /v1/organizations endpoint.
  • Update IP Address: Updates an existing IP address record in DNSFilter with new data. This action modifies an IP address entry by its ID, allowing you to change the IP address itself, reassign it to a different network or organization, or update its dynamic hostname. Common use cases include: - Updating an IP address when your gateway IP changes - Moving an IP address to a different network - Setting or updating the dynamic hostname for better identification Prerequisites: - Must have a valid IP address ID (use GET_IP_ADDRESS or LIST_IP_ADDRESSES to retrieve IDs) - Must provide all required fields (address, organization_id, network_id) even if only changing one - User must have authorization to update IP addresses in the target network
  • Update MAC Address: Updates an existing MAC address entry in DNSFilter with new configuration. This action allows you to modify MAC address settings including the physical address itself, organization assignment, filtering policies, block pages, and custom filter values. Common use cases include: - Correcting a MAC address that was entered incorrectly - Reassigning a MAC address to a different organization - Applying custom filtering policies to specific devices - Setting custom block pages for certain MAC addresses Prerequisites: - Must have a valid MAC address ID (use LIST_MAC_ADDRESSES or LIST_ALL_MAC_ADDRESSES to retrieve) - Must provide organization_id in the update payload - User must have authorization to update MAC addresses Notes: - If both policy_id and scheduled_policy_id are provided, scheduled_policy_id takes precedence - The filter_value defaults to the MAC address without colons if not specified - Returns HTTP 422 if the update cannot be processed with the specified data
  • Update Organization User: Updates a user or permissions within an organization in DNSFilter. Use this action to modify user details such as email, name, phone, role, or organization permissions. Common use cases include updating contact information, changing user roles between administrator and read-only, or modifying organization access permissions.
  • Update Organizations: Updates an existing organization with the specified data in DNSFilter. Use this action to modify organization information such as name, billing contacts, address, licensing, MSP management settings, or custom login configurations. Common use cases include updating billing information, changing the organization name, adjusting license quantities, or configuring enterprise SSO settings.
  • Update Policies: Updates an existing DNS filtering policy with the specified configuration in DNSFilter. Use this action to modify filtering rules including blocked/allowed categories, domain lists, safe search enforcement, and application controls for an existing policy. Only include fields you want to update - all fields are optional except the policy ID. Common use cases include enabling/disabling safe search, updating domain allow/block lists, modifying category blocking rules, and changing application controls. Use the append_domains parameter to add to existing domain lists rather than replacing them.
  • Update Policies Application: Updates a policy with the specified application data, configuring which policies allow or block access to an application. This action assigns allow and block policy rules to a specific application, controlling which users (based on their assigned policies) can access the application. Common use cases include: - Setting up application-level filtering rules for specific user groups - Blocking access to certain applications for specific policies - Allowing access to applications only for designated policies Prerequisites: - Must have a valid organization_id - Must have a valid application_id (use LIST_APPLICATIONS to retrieve available applications) - Must provide both allow_policies and block_policies lists (can be empty arrays) - User must have authorization to update policies in the target organization
  • Update Policy Permissive Mode: Tool to update the permissive mode setting for a specific policy. Use when you need to enable or disable permissive mode for a DNS filtering policy.
  • Update Scheduled Policies: Updates an existing scheduled policy in DNSFilter with the specified data. Use this action to modify time-based policy configurations that control filtering rules based on schedules throughout the week. Only include fields you want to update - all fields except the ID are optional. Scheduled policies allow you to apply different filtering policies at different times. Common use cases include stricter filtering during work hours, relaxed filtering during breaks, or different policies for weekdays vs weekends.
  • Update Scheduled Reports: Updates an existing scheduled report configuration in DNSFilter. Use this action to modify report frequency, delivery schedule, content options, or recipient settings. Common use cases include changing the day of the week for report delivery, adjusting which content categories are included, or enabling/disabling threat summaries.
  • Update User Agent Cleanups: Updates a user agent cleanup operation in DNSFilter. Use this to modify the inactivity threshold or start/restart a cleanup job. This action allows you to: 1. Change the 'inactive_for' threshold to adjust which agents are included in the cleanup (automatically restarts the job) 2. Start the cleanup process by setting 'start' to true (only works if 'inactive_for' is not provided) Common use cases: - Adjust the inactivity threshold from 30 to 45 days to be more conservative about deletions - Start a previously configured cleanup job that hasn't been started yet - Restart a cleanup job with a new threshold to recalculate which agents should be deleted Note: When 'inactive_for' is provided, it takes precedence and restarts the job, making 'start' parameter ineffective.
  • Validate Auth0 JWT: Tool to validate a JWT with Auth0. Use when you need to confirm token validity before making DNSFilter API calls.

How to connect Dnsfilter

  1. Sign in to Definable AI and go to Apps
  2. Search for Dnsfilter and click Connect
  3. Authorize via OAuth2 — takes under 30 seconds
  4. Use Dnsfilter actions in your AI agents and workflows