Farsight Security

Updated 1 month ago by Elvis Hovor

This document explains how to set up and use Farsight Security with TruSTAR Station.

Farsight Security’s DNSDB™ is a Passive DNS historical database that provides a unique, fact-based, multi-faceted view of the configuration of the global Internet infrastructure. DNSDB leverages the richness of Farsight’s Security Information Exchange (SIE) data-sharing platform and is engineered and operated by leading DNS experts.

  • Source Type: Premium Intel
  • Update Type: Query-based
  • Time to Install: 10 minutes

Data Types

The integration pulls these indicators from Farsight:

  • IP (both IPv4 and IPv6 are supported)
  • URL
  • Domain (extracted from the URL)

Requirements

  • A subscription to Farsight Security DNSDB.
  • A Farsight Security DNSDB API key.
TruSTAR Admin rights are required to activate this closed source feed.

Getting Started

  1. Log into TruSTAR Station.
  2. Click the Marketplace icon on the left side icon list.
  3. Click Closed Sources.
  4. Click Subscribe on the Farsight Security box.
  5. Enter your Farsight Security API key and click Save Credentials & Request Subscription.

TruSTAR will validate the integration within 48 hours and send an email when the integration has been enabled.

TruSTAR Report Mapping

Field 

Explanation

Example

Report Title

<IOC Type> <IOC Value>

IP XX.XX.72.34

External ID

Encoded value of <Report Title>

Report Body

Full JSON response

Time Begun

None

Tags

None

Known Issues

No reported issues.

Please reach out to support@trustar.co if you have issues with this integration.


How Did We Do?