Farsight DNSDB
App Vendor: Farsight DNSDB
App Category: Data Enrichment & Threat Intelligence
Connector Version: 1.0.1
API Version: v1
About App
The Farsight DNSDB app allows security teams to integrate with the Farsight DNSDB enterprise app to gain free access to the world’s largest DNS intelligence database. Farsight Security DNSDB is the world’s largest DNS intelligence database that provides a unique, fact-based, multifaceted view of the configuration of the global internet infrastructure. DNSDB leverages the richness of Farsight’s security information exchange (SIE) data-sharing platform and is engineered and operated by the leading DNS experts. Farsight collects passive DNS data from its global sensor array. It then filters and verifies the DNS transactions before inserting them into the DNSDB, along with ICANN-sponsored zone file access download data. the end result is the highest-quality and most comprehensive DNS intelligence data service of its kind with more than 100 billion DNS records since 2010.
The Farsight DNSDB app is configured with Orchestrate to perform the following actions:
Action Name | Description |
|---|---|
Domain Name Lookup | This action queries the rrset index, which supports forward with wildcard lookup based on the owner name of a rrset using a URL, or domain. |
Reverse Domain Name Lookup | This action queries the rdata index, which supports an inverse with wildcard lookup based on rdata record values for domains and their DNS type. |
Reverse IP Address Lookup | This action searches rdata index, which supports an inverse with wildcard lookup based on rdata record values for IP addresses and their DNS type. |
Configuration Parameters
The following configuration parameters are required for the Farsight DNSDB app to communicate with the Farsight DNSDB enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
API Key | Enter the API key to access the Farsight DNSDB instance. | Password | Required |
Action: Domain Name Lookup
This action queries the rrset index, which supports forward with wildcard lookup based on the owner name of a rrset using a URL, or domain.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
URL | Enter the URL. | Text | Required | Wildcard lookups are supported. For example, *.cyware.com. |
Limit | Enter the number of results to retrieve. | Integer | Optional | Default value: 10 |
Max Count | Enter the maximum count. | Integer | Optional | Default value: 100 Maximum value: 1,000,000 |
DNS Type | Enter the DNS type. | Text | Optional | Allowed values:
|
Summarize | Choose to retrieve a summary of rdata. | Boolean | Optional | Default value: false Allowed values:
|
Action: Reverse Domain name lookup
This action queries rdata index, which supports an inverse with wildcard lookup based on rdata record values for domains and their DNS type.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
URL | Enter the URL. | Text | Required | Wildcard lookups are supported. For example, *.cyware.com. |
Limit | Enter the number of results to retrieve. | Integer | Optional | Default value: 10 |
Max Count | Enter the maximum count. | Integer | Optional | Default value: 100 Maximum value: 1,000,000 |
DNS type | Enter the DNS type. | Text | Optional | Allowed values: •a •aaaa •ns •mx •came •soa |
Additional Parameters | Enter additional parameters in the form of key-value pairs. | Key Value | Optional | Allowed values:
|
Action: Reverse IP address lookup
This action searches rdata index, which supports an inverse with wildcard lookup based on rdata record values for IP addresses and their DNS type.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
IP Address | Enter the IP address in IPv4 or IPv6 format. | Text | Required | |
Subnet | Enter the subnet in CIDR notation. Example: "32 | Text | Optional | By default, the value of the subnet is none. |
Limit | Enter the number of results to retrieve. | Integer | Optional | Default value: 10 |
Max Count | Enter the maximum count. | Integer | Optional | Default value: 100 Maximum value: 1,000,000 |
DNS type | Enter the DNS type. | Text | Optional | Allowed values: •a •aaaa •ns •mx •came •soa |
Summarize | Choose to retrieve a summary of rdata. | Boolean | Optional | Default value: false Allowed values:
|