ceven

Control D

Automates DNS policy enforcement, monitors network traffic patterns, and manages device access rules across your entire organization from a single interface.

Try Control D in Ceven

Ask Ceven anything
Standard

Why use Ceven?

  1. AI native Control D integration

    • Describe the outcome and Ceven picks the right Control D calls, fills the parameters, and checks the result.
    • Structured, agent friendly tool schemas so each call runs reliably instead of by guesswork.
    • Rich coverage for reading, writing, and querying your Control D data, across all 54 of its actions.

  2. Managed auth

    • Built in OAuth with automatic token refresh and rotation.
    • One place to manage, scope, and revoke Control D access.
    • Per user and per environment credentials instead of shared keys.

  3. Agent optimized design

    • Actions are tuned from real success and error rates so reliability climbs over time.
    • Full execution logs so you always know what ran in Control D, when, and on whose behalf.
    • The agent pauses and asks when Control D is unclear instead of plowing ahead.

  4. Enterprise grade security

    • Fine grained access so you control which agents and people can reach Control D.
    • Least privilege by default, read scopes first and only the writes a workflow needs.
    • A full audit trail of every Control D action to support review and sign off.

Supported tools

Every action Ceven's agents can run on Control D, and when to use it.

Get Devices
Pull a full inventory of all devices associated with the account to audit active connections.
Create Device
Provision a new device and retrieve the necessary DNS resolvers for setup.
Get Profiles
List all DNS profiles to see current configuration sets available for assignment.
Create Profile
Provision a new blank profile or clone an existing one to start building a new policy set.
Update Profile
Modify settings or names for an existing profile using its unique identifier.
List Custom Rules
Retrieve all custom DNS rules for a profile, including those in the root folder.
Create Custom Rules
Push new DNS rules to a specific profile to block or redirect traffic.
Delete Profile Rule
Remove a specific custom rule by hostname to restore access to a domain.
Get Profile Analytics
Pull usage data and traffic statistics for a specific profile to identify trends.
Get Top Domains
Identify the most visited domains within a profile to audit network usage.
Create Profile Schedule
Set up time based access windows for specific DNS rules within a profile.
List Services by Category
Pull all available services within a specific category to build filter lists.
Delete Device by ID
Tool to delete a Control D device. Use when you need to remove a device by its identifier after confirming the device_id.
Delete Profile by ID
Tool to delete a profile. Use when you need to remove a profile by its ID after ensuring it is not enforced by any device.
Delete Profile Rule by Hostname
Tool to delete a specific custom rule by hostname from a profile. Use after confirming profile_id and hostname.
Delete Profile Rule by Rule ID
Tool to delete a specific custom rule by its ID within a profile. Use after confirming profile_id and rule_id.
Delete Profile Rule in Folder
Tool to delete a specific custom rule within a folder. Use after confirming profile_id, rule_id, and folder_id.
Delete Profile Schedule
Tool to delete a specific schedule within a profile. Use after confirming profile_id and schedule_id.
List Known Access IPs
Tool to list known IPs associated with the account. Use when you need to retrieve recent access IPs for device resolver queries.
Get Analytics Endpoints
Tool to list analytics storage regions and their endpoints. Use after authenticating to retrieve available analytics regions.
Get Organization Details
Tool to view the authenticated organization's details. Use after confirming a valid API token.
Get Profile Options
Tool to get all available profile options. Use when you need to retrieve the possible configurations for profiles after authenticating.
Get Profile by ID
Tool to retrieve details of a specific profile by its ID. Use when you need full profile details after confirming the profile_id.
Get Profile Analytics Logs
Tool to list analytics log entries for a given profile. Use after confirming profile ID and optional date filters to fetch logs.
Get Analytics Log Entry
Tool to retrieve a specific analytics log entry by its ID. Use when you need details of an analytics log for a given profile.
Get Profile Analytics Summary
Tool to fetch a summary of analytics data for a given profile. Use after confirming profile ID and desired date range.
Get Profile Analytics Top Domains
Tool to fetch top domains accessed within a specific profile. Use after confirming profile ID.
Get Profile Top Services
Tool to fetch top services accessed within a profile. Use after confirming the profile ID and desired date range.
Get Profile Filters
Tool to list native filters associated with a specific profile. Use when you have a profile ID and need to retrieve its filters and their states.
List External Filters for Profile
Tool to list third party filters for a specific profile. Use when you need to retrieve all external filters and their states after confirming the profile ID.

30 actions · scroll to see them all

Frequently asked questions

Ceven uses a secure API token system to communicate with Control D. You generate a token within your Control D dashboard and provide it to the Ceven integration settings. This token is encrypted at rest using AES 256 and is only injected into the request header when the agent executes a specific tool call. We do not share this token with the large language model itself. If you suspect a token is compromised, you can rotate it in the Control D dashboard and update the value in Ceven to restore connectivity immediately without affecting your existing workflows.
Yes. By combining a security feed with the Create Custom Rules action, Ceven can monitor external threat intelligence and push block rules to your Control D profiles the moment a domain is flagged. You can set up a workflow that triggers whenever your security scanner finds a new phishing URL, which then tells the Ceven agent to find all relevant profiles and apply a block rule. This removes the need for a human to manually log into the DNS dashboard and add entries during an active incident response.
Ceven is bound by the limits of your specific Control D subscription tier. For example, some plans have a hard cap on the number of custom rules per profile. If the agent attempts to create a rule that exceeds this limit, Control D will return an error which Ceven captures and reports back to you. To manage this, you can build a cleanup workflow that uses the List Custom Rules tool to find and delete old or redundant entries before pushing new ones to ensure you stay under your plan limits.
Ceven uses the analytics endpoints to pull raw data about domain access and service usage. The agent can fetch a summary of the top domains or dive into specific log entries for a given profile. Because this data is voluminous, the agent typically aggregates the results before presenting them to you. You can ask for a weekly report of the most blocked categories or a list of devices that are triggering the most security alerts, and Ceven will handle the pagination and data parsing automatically.
Absolutely. Ceven can map your user directory to specific Control D profiles. When a new user is added to a group in your identity provider, Ceven can trigger the Create Profile tool to clone a template and then use the Modify Device tool to link that user's hardware to the new profile. This allows for fine grained control where marketing has one set of filters and engineering has another, all managed by a single set of automated rules rather than manual assignments.
Yes. The integration supports creating and managing rules within specific folders. This is useful for organizing rules by project or risk level. You can tell the agent to list all rules in a specific folder or to delete all rules within a certain group. By leveraging folder IDs, Ceven can ensure that it only modifies a subset of rules without risking the stability of your root profile configuration, providing an extra layer of safety for complex network setups.
Yes. While Control D has native scheduling, Ceven can orchestrate these schedules through the API. You can use the Create Profile Schedule tool to define when certain rules are active. Alternatively, you can use Ceven's own internal scheduler to trigger the Update Profile action at specific times. This is ideal for implementing temporary access for contractors or creating a focused work environment during business hours by blocking distracting services and then automatically lifting those blocks in the evening.
If a device is removed from Control D while a Ceven agent is attempting to modify it, the API will return a not found error. Ceven is designed to handle these exceptions gracefully. The agent will notify you that the device ID no longer exists in the system and will suggest updating your device inventory list. Because the agent checks the current state via the Get Devices tool before performing write actions, these collisions are rare but are always logged for your review.

Alternatives to Control D

Other tools that solve a similar problem. Ceven supports these too, so you can switch or run more than one at once.

NextDNS logoNextDNSCloudflare Gateway logoCloudflare GatewayOpenDNS logoOpenDNS

Try Ceven on your stack

Plug Ceven on top of the tools you already run. Connect Control D and the rest of your stack, describe the outcome, and its agents handle the work end to end, days of it in minutes.

Get started for free