Continuing our mission of interoperability by design, we’re now partnered with Farsight Security to bring Farsight DNSDB, the world’s largest historical passive DNS database, to your screen in real-time. With a click of a button, Polarity users can now access critical information about chronological relationships between IP addresses and domain names to instantly advance investigations. Farsight DNSDB brings our total integrations to 32, and we couldn’t be more excited.
Why Farsight DNSDB?
Threat hunters, incident response teams, security analysts and other investigators leverage DNSDB to answer questions such as:
- Where did this domain name point to in the past?
- What domain names are/have been hosted on a given IP address?
- What domain names use a given nameserver?
- What fully-qualified domain names exist below a delegation point?
How does this help my team?
Cybercriminals will often hop from domain to domain, IP address to IP address, to avoid detection. Using Farsight DNSDB, security teams can identify shared infrastructure and list what’s been seen on a particular IP address over time; validate DNS configuration changes for a particular host or subdomain and track these movements – even if an adversary is using a fast flux domain; and identify related infrastructure such as domains using the same name server infrastructure used by a known bad domain.
As a Polarity user, you can now easily capture (tag) DNSDB information (entities) relevant to an investigation. Polarity also allows users to collaborate on the information tagged within the Polarity platform. For example, users can leave comments, and even upvote/downvote the information, bringing immediate awareness to everyone about how useful the data is!
Check out the integration in action:
Interested in a 30-day trial of Polarity’s integration with Farsight DNSDB? Visit here for more information .
For more information on Farsight Security, please visit: https://www.farsightsecurity.com
For more information on Polarity, please visit: https://polarity.io