Farsight Security
This document explains how to set up and use the Farsight Security premium intelligence source with the TruSTAR Web App.
Farsight Security’s DNSDB™ is a Passive DNS historical database that provides a unique, fact-based, multi-faceted view of the configuration of the global Internet infrastructure. DNSDB leverages the richness of Farsight’s Security Information Exchange (SIE) data-sharing platform and is engineered and operated by leading DNS experts.
- Source Type: Premium Intel
- Update Type: Query-based
- Time to Install: 10 minutes
Data Types
The integration pulls these Observables from Farsight:
- IP (both IPv4 and IPv6 are supported)
- URL
- Domain (extracted from the URL)
Requirements
- A subscription to Farsight Security DNSDB.
- A Farsight Security DNSDB API key.
Getting Started
- Log in to the TruSTAR Web App.
- Click the Marketplace icon on the left-side navigation bar.
- Click Premium Intel.
- Click Subscribe on the Farsight Security box.
- Enter your Farsight Security API key and click Save Credentials & Request Subscription.
TruSTAR will validate the integration within 48 hours and send an email when the integration has been enabled.
TruSTAR Report Mapping
Field | Explanation | Example |
Report Title | <IOC Type> <IOC Value> | IP XX.XX.72.34 |
External ID | Encoded value of <Report Title> | |
Report Body | Full JSON response | |
Time Begun | None | |
Tags | None | |
Known Issues
No reported issues.
Please reach out to support@trustar.co if you have issues with this integration.