
Farsight DNSDB
Overview
The joint solution of ThreatQ™ and Farsight Security® (now part of DomainTools®) allows organizations to quickly enrich threat data and assist in proactive hunting, enabling them to work smarter and more efficiently to detect, react and stop attacks before they have a chance to start.
Farsight Security DNSDB is the world’s largest DNS intelligence database that provides a unique, fact-based, multifaceted view of the configuration of the global Internet infrastructure. DNSDB leverages the richness of Farsight’s Security Information Exchange (SIE) data-sharing platform and is engineered and operated by leading DNS experts. Farsight collects Passive DNS data from its global sensor array. It then filters and verifies the DNS transactions before inserting them into the DNSDB, along with ICANN-sponsored zone file access download data. The end result is the highest-quality and most comprehensive DNS intelligence service of its kind — with more than 100 billion domain resolution records and updated in real-time at over 500,000 times/second.
INTEGRATION HIGHLIGHTS
- Accelerate incident response and expose the entire miscreant network by pivoting between Domains and IPs
- Find intelligence, enriched events, data and history in one place to enable focus on hunting
- Enable security, network and infrastructure teams to respond quicker using clear, correlated and contextualized threat intelligence data.
INTEGRATION USE CASES
The Integration supports a variety of use cases, such as:
- Expose entire adversarial infrastructure by enriching IOC domains and IPs to proactively hunt threats.
- Triage events and incidents with more confidence and actions to remediate.
- Examine historical resolution lookups and perform time-based analysis.
- Utilize the ability to deploy near real-time defensive actions to threats