Farsight Security

Updated 10 months ago by Elvis Hovor

Introduction

This document provides a description how paying customers of Farsight Security can correlate reports and indicators produced by Farsight DNSDB with intelligence stored in their TruSTAR enclaves. This integration will query Farsight's DNSDB and return Passive DNS results for associated indicators.

Requirements

  • Users need to have a subscription to Farsight Security DNSDB.
  • Users need Farsight Security DNSDB API key to enable the integration.

Configure Integration

After you have retrieved your Farsight API key follow these steps:

  1. Log into TruSTAR Station and go the Explore->Marketplace (https://station.trustar.co/browse/marketplace).
  2. Click on Closed Sources.
  3. Click on Farsight logo and fill in your API key.
  4. Click Submit.

TruSTAR will validate and enable the Farsight DNSDB integration within 48 hours. You will receive an email from us informing you as soon as it is enabled.


After the integration in enabled you should see it reports from Farssight being submitted into an enclave you control on TruSTAR.

Troubleshooting & FAQ's

Q: What data do you currently pull from Farsight DNSDB? 

Our integration currently only pulls reports from Farsight that have cyber IOC’s.

These include:

  • IP
  • Domain
  • URL (Domains are extracted from URL)
Please contact us if you would like to discuss additional indicators that can be queried from Farsight DNSDB.

Q: How often is the data pulled?

Please see this page for Farsight Security details.

Please reach out to support@trustar.co for any additional questions.

How Did We Do?