React faster at the wire with BlueCat and ExtraHop
With the BlueCat ExtraHop Plugin, automatically create missing PTR records, and detect and react to security threats before they reach DNS servers.
The article explains how the BlueCat ExtraHop Plugin helps enterprise network teams get closer to real-time network data at the wire to detect and remediate DNS-related problems and threats before they affect users. It describes two operational use cases—self-healing missing PTR records to restore email access via BlueCat Address Manager and BlueCat Gateway automation, and applying BlueCat Edge blocking policies triggered by ExtraHop AI to stop threats before they reach DNS servers. The outcome is faster detection and remediation, improved service-level agreements and user experience, and an added security layer that maintains resource uptime and reduces revenue and security risks.
How does the ExtraHop Plugin help when a PTR record is missing and users can’t access email?
When a PTR record is missing, ExtraHop detects the issue at the wire and triggers automation through BlueCat Gateway to create a new record in BlueCat Address Manager based on administrator-defined rules. This self-healing workflow closes the gap caused by migrations or stale records, restores the necessary DNS state for email delivery, and reduces the operational time to resolve the outage. By automating record creation, network teams can improve user experience and reduce the revenue and business impact of email service disruption without manual ticketing or slow manual intervention.
In what way does using ExtraHop with BlueCat Edge enhance threat mitigation compared to only blocking at DNS servers?
ExtraHop provides AI-based detection at the wire, allowing network teams to identify advanced threats in real time as they approach DNS infrastructure. When ExtraHop detects suspicious activity, it can trigger BlueCat Edge blocking policies before the traffic reaches DNS servers, adding a proactive layer of defense upstream of DNS. This approach complements BlueCat Edge’s DNS-level threat intelligence by accelerating detection and remediation, reducing the window of exposure and preventing threats from reaching and impacting DNS services and dependent applications.
Why is getting data at the wire considered more effective than a "log all" approach according to the article?
The article argues that observing data at the wire gives faster, more immediate visibility into network behavior, which enables quicker, rules-driven automation and remediation compared with collecting and parsing large volumes of logs. Wire-level detection reduces the latency between event occurrence and response, making automated actions like creating DNS records or applying blocking policies more timely and economically efficient. This real-time approach is presented as more stable for maintaining uptime and preventing user-impacting errors and threats than relying solely on post-facto log analysis.
It’s no secret among network admins that the closer you can get to real-time data, the faster you can react. But without the tools to interpret data at the wire and automate with rule-based business logic, network teams can’t intervene before the business feels the impact. This gap in tools can result in poor user experiences or increased risk of security breaches.
Get closer to the wire with the ExtraHop Plugin
Today’s enterprise network teams leverage the BlueCat ExtraHop Plugin to get closer to the wire. With it, they can:
- Reduce time to detect threats before they reach DNS servers.
- Improve service-level agreements by creating missing records for critical services and users.
- React faster with AI to detect threats.
Let’s look at two everyday situations that organizations face today:
The elusive PTR record
One of the most critical services that keeps business moving is email. A missing PTR record can mean a user is unable to access email services. It’s not uncommon for these records to go missing or become stale, especially during migration or integrations with other tools. To fix this, network teams must create a new record in BlueCat Address Manager.
With BlueCat Gateway, the network can self-heal when ExtraHop detects a missing record. ExtraHop triggers automation tasks that create the missing record based on rules defined by admins. By leveraging BlueCat Gateway, ExtraHop can intervene to ensure a good user experience and reduce business revenue risks.
Stopping threats in their tracks
Traditionally, meeting a threat head-on meant detecting and stopping it at the DNS server level. Although BlueCat Edge provides advanced DNS security with powerful threat intelligence tools, organizations can bolster security by applying it at the wire as well. Today’s advanced network teams can meet cyber threats in real time as they reach the server. To add this security layer, network and security teams use AI from ExtraHop to detect threats and apply BlueCat Edge blocking policies before those threats reach DNS servers.
Network teams need tools to accelerate the detection and remediation of errors and threats. Having an ear to data at the wire provides a more immediate, economical, and stable solution for automation than “log all” approaches. The BlueCat ExtraHop Plugin enhances the visibility and resolution of errors and threats to help maintain resource uptime. Consequently, it helps ensure that users can successfully and safely access critical services and apps.
Visit the BlueCat Adaptive Catalog to learn more.