Bambenek DGA Feed

Updated 1 month ago by TruSTAR

This article explains how to set up the Bambenek DGA Feed premium intelligence source in the TruSTAR platform.

This self-curating feed monitors malicious networks to observe current criminal activity and collect relevant domain information, producing high-confidence data with very low false positives.

  • Time to install: 10 minutes
  • Source Type: Premium Intelligence
  • Update Type: Feed-based

Observables Supported

  • Domain

Requirements

  • A paid subscription to the Bambenek DGA Feed.
  • Your Bambenek DGA Feed API key.

TruSTAR Admin rights are required to activate this premium intelligence source.

Getting Started

  1. Log into the TruSTAR Web App.
  2. Click the Marketplace icon in the icon list on the left side.
  3. Click Premium Intel to view the sources available.
  4. Click Subscribe on the Bambenek DGA Feed box. This displays a dialog box.
  5. Enter your Bambenek API key and API Secret, then click Save Credentials & Request Subscription.

TruSTAR will validate the integration within 48 hours and send an email when the integration has been enabled.

TruSTAR Report Mapping

The information retrieved from this intelligence source is stored in the Bambenek DGA Enclave using the following format:

| Field | Explanation |
| --- | --- |
| Title | bambenek_dga["domain"] |
| Content | |
| External ID | None |
| Value | Domain listed in the DGA Feed |
| Type | Domain |
| Maliciousness Score | High |
| relatedObservables | bambenek_dga["nsname"], bambenek_dga["nsip"] |
| Tags | Malware family |

Known Issues

No reported issues.

Please reach out to support@trustar.co if you have issues with this integration.

