Farsight Security

Updated 5 months ago by Elvis Hovor

This document explains how to set up and use Farsight Security with TruSTAR Station.

Farsight Security’s DNSDB™ is a Passive DNS historical database that provides a unique, fact-based, multi-faceted view of the configuration of the global Internet infrastructure. DNSDB leverages the richness of Farsight’s Security Information Exchange (SIE) data-sharing platform and is engineered and operated by leading DNS experts.

  • Source Type: Premium Intel
  • Update Type: Query-based
  • Time to Install: 10 minutes

Data Types

The integration pulls these indicators from Farsight:

  • IP (both IPv4 and IPv6 are supported)
  • URL
  • Domain (extracted from the URL)


  • A subscription to Farsight Security DNSDB.
  • A Farsight Security DNSDB API key.
TruSTAR Admin rights are required to activate this premium intel source.

Getting Started

  1. Log into TruSTAR Station.
  2. Click the Marketplace icon on the left side icon list.
  3. Click Premium Intel.
  4. Click Subscribe on the Farsight Security box.
  5. Enter your Farsight Security API key and click Save Credentials & Request Subscription.

TruSTAR will validate the integration within 48 hours and send an email when the integration has been enabled.

TruSTAR Report Mapping




Report Title

<IOC Type> <IOC Value>

IP XX.XX.72.34

External ID

Encoded value of <Report Title>

Report Body

Full JSON response

Time Begun




Known Issues

No reported issues.

Please reach out to support@trustar.co if you have issues with this integration.

How Did We Do?