Farsight Security

Updated 5 days ago by Elvis Hovor

This document explains how to set up and use Farsight Security with TruSTAR Station.

  • Time to Install: 10 minutes
  • Feed Type: Closed <requires <<intel feed name>> subscription>
  • Update Mechanism: Query-based
  • Update Frequency: 15 minutes
  • API Timeout: <interval>

This integration queries Farsight's DNSDB and returns Passive DNS results for associated indicators.


  • A subscription to Farsight Security DNSDB.
  • A Farsight Security DNSDB API key.
TruSTAR Admin rights are required to activate this closed source feed.

Getting Started

  1. Log into TruSTAR Station.
  2. Click the Marketplace icon on the left side icon list.
  1. Click Closed Sources.
  2. Click Subscribe on the Farsight Security box.
  3. Enter your Farsight Security API key and click Save Credentials & Request Subscription.

TruSTAR will validate the integration within 48 hours and send an email when the integration has been enabled.


Q: What data is pulled from Farsight DNSDB? 

A. The integration pulls reports from Farsight that have cyber IOC’s. These include:

  • IP
  • Domain
  • URL (Domains are extracted from URL)

Contact TruSTAR to discuss additional indicators that can be queried from Farsight DNSDB.

Known Issues

No reported issues.

Please reach out to support@trustar.co if you have issues with this integration.

How Did We Do?