Enricher - Farsight DNSDB
Note
This article describes how to configure a particular enrichment source. To see how to configure enrichers in general, see Configure enrichers.
Specifications | |
---|---|
Enricher name | Farsight DNSDB |
Input | Domain, host, and IP addresses (IPv4 and IPv6). |
Output | Enriches supported observable types with passive DNS lookup information such as the name of the domain or host name owner, or the IP address a domain or host name points to. |
API endpoint | |
Description | The Farsight DNSDB enricher provides historical passive DNS information to relate domain names to the IP addresses they point to, or IPs pointing to different domains over time. |
Requirements
Users need an API key for their own configuration. Sign up and subscribe to the service to obtain the required API key credentials to access the API endpoint exposing the service.
Configure the enricher parameters
Edit the enricher.
From the Observable types drop-down menu, select one or more observable types you want to enrich with data retrieved through the Farsight DNSDB enricher.
The API URL field is automatically filled in with the default domain for the endpoint. You can add a proxy or set up ports according to your needs.
Default value: https://api.dnsdb.info/
In the API key field, enter your API key.
In the Search results limit field, enter an integer to limit the maximum number of returned results.
Default value: each time the enricher runs, it can return max. 1000 matches.
In the Time last seen field, enter an integer to set a starting point in the past to retrieve matches from. The number indicates the number of days in the past from the current time.
Default value: 365 days (each time the enricher runs, it looks for matches up to one year old).
To store your changes, click Save; to discard them, click Cancel.
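
To check an API key and these two limits outside the platform, the following added example (not the enricher's own code) builds an equivalent DNSDB API v1 lookup and parses its newline-delimited JSON reply. The mapping of Search results limit to `limit` and Time last seen to `time_last_after`, the lookup chosen per observable type, and the sample response are assumptions.

```python
import ipaddress
import json
import time
import urllib.request
from urllib.parse import quote, urlencode

API_URL = "https://api.dnsdb.info/"  # default value shown on this page

# Constructed sample reply (one JSON object per line), not real DNSDB data.
SAMPLE = """\
{"count": 12, "time_first": 1690000000, "time_last": 1700000000, "rrname": "www.example.com.", "rrtype": "A", "bailiwick": "example.com.", "rdata": ["192.0.2.10"]}
{"count": 3, "time_first": 1680000000, "time_last": 1699000000, "rrname": "mail.example.com.", "rrtype": "A", "rdata": "192.0.2.10"}
"""


def build_lookup_url(observable, limit=1000, days_last_seen=365, now=None):
    """Assumed mapping of the enricher settings onto DNSDB query parameters."""
    now = int(time.time()) if now is None else int(now)
    try:
        ipaddress.ip_address(observable)  # IPv4 or IPv6: which names pointed here
        path = "lookup/rdata/ip/" + quote(observable, safe=":")
    except ValueError:  # domain or host name: which records it resolved to
        path = "lookup/rrset/name/" + quote(observable.rstrip(".").lower(), safe="")
    params = {"limit": limit, "time_last_after": now - days_last_seen * 86400}
    return API_URL + path + "?" + urlencode(params)


def fetch(url, api_key):
    """Send the lookup; the key travels in the X-API-Key header, never in the URL."""
    req = urllib.request.Request(
        url, headers={"X-API-Key": api_key, "Accept": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.read().decode()


def parse_results(ndjson_text):
    """Return (name, rrtype, rdata list, time_last) for each record line."""
    rows = []
    for line in ndjson_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        # rrset lookups return rdata as a list, rdata lookups as a single string
        rdata = rec["rdata"] if isinstance(rec["rdata"], list) else [rec["rdata"]]
        rows.append((rec["rrname"].rstrip("."), rec["rrtype"], rdata, rec["time_last"]))
    return rows
```

Calling `fetch(build_lookup_url("example.com"), key)` with a valid key should return at most 1000 records whose last-seen time falls within the past 365 days, matching the defaults above.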