Farsight Security
This document explains how to set up and use Farsight Security with TruSTAR Station.
- Time to Install: 10 minutes
- Feed Type: Closed <requires <<intel feed name>> subscription>
- Update Mechanism: Query-based
- Update Frequency: 15 minutes
- API Timeout: <interval>
This integration queries Farsight's DNSDB and returns Passive DNS results for associated indicators.
Requirements
- A subscription to Farsight Security DNSDB.
- A Farsight Security DNSDB API key.
Getting Started
- Log into TruSTAR Station.
- Click the Marketplace icon on the left side icon list.
- Click Closed Sources.
- Click Subscribe on the Farsight Security box.
- Enter your Farsight Security API key and click Save Credentials & Request Subscription.
TruSTAR will validate the integration within 48 hours and send an email when the integration has been enabled.
FAQ
Q: What data is pulled from Farsight DNSDB?
A. The integration pulls reports from Farsight that have cyber IOC’s. These include:
- IP
- Domain
- URL (Domains are extracted from URL)
Contact TruSTAR to discuss additional indicators that can be queried from Farsight DNSDB.
Known Issues
No reported issues.
