Farsight Security

Updated 2 weeks ago by TruSTAR

This document explains how to set up and use the Farsight Security premium intelligence source with the TruSTAR Web App.

Farsight Security’s DNSDB™ is a Passive DNS historical database that provides a unique, fact-based, multi-faceted view of the configuration of the global Internet infrastructure. DNSDB leverages the richness of Farsight’s Security Information Exchange (SIE) data-sharing platform and is engineered and operated by leading DNS experts.

  • Source Type: Premium Intel
  • Update Type: Query-based
  • Time to Install: 10 minutes

Data Types

The integration pulls these Observables from Farsight:

  • IP (both IPv4 and IPv6 are supported)
  • URL
  • Domain (extracted from the URL)

Requirements

  • A subscription to Farsight Security DNSDB.
  • A Farsight Security DNSDB API key.
TruSTAR Admin rights are required to activate this Premium Intelligence feed.

Getting Started

  1. Log into the TruSTAR Web App.
  2. Click the Marketplace icon on the left side navigation bar.
  3. Click Premium Intel.
  4. Click Subscribe on the Farsight Security box.
  5. Enter your Farsight Security API key and click Save Credentials & Request Subscription.

TruSTAR will validate the integration within 48 hours and send an email when the integration has been enabled.

TruSTAR Report Mapping

Field 

Explanation

Example

Report Title

<IOC Type> <IOC Value>

IP XX.XX.72.34

External ID

Encoded value of <Report Title>

Report Body

Full JSON response

Time Begun

None

Tags

None

Known Issues

No reported issues.

Please reach out to support@trustar.co if you have issues with this integration.


How Did We Do?