This document explains how to set up the Farsight Security premium intelligence source in the TruSTAR platform.
Farsight Security’s DNSDB™ is a Passive DNS historical database that provides a unique, fact-based, multi-faceted view of the configuration of the global Internet infrastructure. DNSDB leverages the richness of Farsight’s Security Information Exchange (SIE) data-sharing platform and is engineered and operated by leading DNS experts.
- Source Type: Premium Intel
- Update Type: Query-based
- Time to Install: 10 minutes
- IP (both IPv4 and IPv6)
- Domain (extracted from the URL)
- A subscription to Farsight Security DNSDB.
- A Farsight Security DNSDB API key.
- Log into the TruSTAR Web App.
- Click the Marketplace icon on the left side navigation bar.
- Click Premium Intel to view the feeds available.
- Click Subscribe on the Farsight Security box.
- Enter your Farsight Security API key and click Save Credentials & Request Subscription.
TruSTAR will validate the integration within 48 hours and send an email when the integration has been enabled.
TruSTAR Report Mapping
The information retrieved from this intelligence source is stored in the Farsight Security Enclave using this format.
<Observable Type> <IOC Value>
Encoded value of <Report Title>
Full JSON response
No reported issues.