Farsight DNSDB

By Farsight Security Inc.
Correlate and contextualize real-time and historical DNS data to expose networks and infrastructure.
# Infrastructure & Network Information # Recon # Incident Response # Intelligence Collection
Farsight DNSDB integration for Maltego

Farsight DNSDB Transforms for Maltego

Together, Farsight and Maltego have strengthened cyber investigations, providing actionable insights and expediting the investigation process. Farsight DNSDB® integrates with Maltego to provide seamless analytical workflows in the Maltego graph, enabling investigators and analysts to map connected infrastructure, run correlations, develop activity clustering and potential attribution, highlight risky traffic flows, and carry out other analyses to surface meaningful insights.

Farsight DNSDB data in Maltego

Typical Users of Farsight DNSDB Data

  • Threat Hunters and Network Defenders
  • SOC Analysts
  • Law Enforcement and Anti-fraud Analysts
  • Incident Responders

Integration Benefits

Propels Investigations

Investigators can transform a DNS datapoint such as a domain name, IP address, MX record, or Start of Authority (SOA) email address from any source into a comprehensive set of entities, connections, and dynamic properties to surface infrastructure, characterize or cluster actors, and highlight risk. The developed findings greatly increase the chance of intersection with existing Maltego graph data from other sources, helping expose key features of emerging or existing campaigns.

Builds Confidence in Investigative Conclusions

Farsight Security has made its name collecting, organizing, and provisioning the most comprehensive, timely, and accurate DNS data available anywhere. Investigations using Farsight and Maltego are based on ground-truth data observed across the entire Internet and updated in real time. For any analyst, precise and reliably-sourced data can make the difference between a successful outcome and a rabbit-hole exercise.

Leverage Farsight DNSDB Data for

Threat Hunting

By developing a more complete picture of the assets that adversaries are using in campaigns, threat hunters can identify patterns of infrastructure use that allow them to anticipate future moves by adversaries. This can enable blocking or alerting on emerging campaigns before they cause further harm.

Incident Response

Forensics and incident response investigators can expose entire networks and gain an outside-in view of their infrastructure to detect suspicious or hostile activity and take measures to defend their systems against malicious attacks.

Law Enforcement

The e-crime divisions within Law Enforcement Agencies use historical DNS data to correlate Internet and network traffic observations with other events, and gain insight into the source, ownership, and destination of Internet traffic. Farsight’s high-frequency updates mean officers can actively hunt for systems and people involved in cybercrime, such as hunting for the command server of an active malware campaign.

Resources

Articles

  • Free-Tier Data in the Transform Hub
  • Finding FQDNs associated with IPv4 ranges with Farsight DNSDB
  • Investigator Toolkit August 2022: Cheat Sheets for Faster and Spot-on Workflows

Case Studies

  • SolarWinds SUNBURST Compromise: Mapping Malicious Activity Using Farsight Historical Passive DNS and Maltego

Webinars

  • Webinar | Leveraging Passive DNS Data in Your Cyber Investigations with Farsight and Maltego (Part 1 of 3)
  • Webinar | Integrating Farsight Passive DNS Intelligence with Other Maltego Data Sources (Part 2 of 3)
  • Webinar | In-Depth Investigation and Advanced Techniques with Farsight and Maltego (Part 3 of 3)
  • Webinar | Hunting for Lazarus: Mapping and Visualizing Adversary Infrastructure
  • Webinar | SolarWinds SUNBURST Case Study: Mapping Malicious Activity Using Maltego and Farsight Historical Passive DNS

Briefs

  • Integrating Farsight in Maltego

Videos

  • How to Conduct Network Footprinting Using Maltego in 5 Minutes

Contact

Reach out to us to learn more about this data integration and how to access it.

About Farsight DNSDB

Farsight Security DNSDB® is the world’s largest DNS intelligence database that provides a unique, fact-based, multifaceted view of the configuration of global Internet infrastructure. DNSDB leverages the richness of Farsight’s Security Information Exchange (SIE) data-sharing platform, and is engineered and operated by leading DNS experts. After collecting passive DNS data from its global sensor array, Farsight filters and verifies the DNS transactions before inserting them into the DNSDB, along with ICANN-sponsored zone file access download data. The end result is the highest-quality and most comprehensive DNS intelligence service of its kind, with more than 100 billion domain resolution records, updated at rates of over 200,000/second. Fortune 1000 companies, global government agencies, and leading security solution vendors use Farsight’s DNSDB, Newly Observed Domains/Hostnames, and other DNS resources as critical ingredients in their threat investigation and mitigation work. Since November 2021, Farsight Security has been part of DomainTools.

For more information, visit https://farsightsecurity.com.