DomainTools

Going Live with Splunk SIEM 5 and Doing More with Splunk SOAR

48 — Thu, 06 Jun 2024 13:02:25 +0000

Enriched and Actionable Context for Malicious Connected Infrastructure Threat actors have long abused DNS for the delivery of phishing campaigns. Using Large Language Models (LLMs) and targeting mobile users has allowed malicious activity to scale. These demands scaled contextual data in the SOC, giving SIEMs and other platforms more to manage. Executing high-volume queries with […]

Automatically Chasing CNAMEs in Farsight DNSDB Scout

54 — Thu, 22 Feb 2024 16:49:08 +0000

Mapping Domain Names to IP Addresses: Going From a Name To An IP Address May Not Happen Directly in Just a Single Step There’s a new feature available in Farsight DNSDB Scout — the ability to automatically “chase” (or iteratively resolve) Canonical Name (CNAME) records in Farsight DNSDB with the goal being to get to […]

Elevate Your Cyber Defense with the Cortex XSOAR and DomainTools Integration

54 — Thu, 25 Jan 2024 16:47:28 +0000

In the digital age, cyber threats like phishing, ransomware, and malicious network communication are not just nuisances; they are sophisticated attacks that can cripple businesses. To combat these ever-present and evolving threats, a robust cybersecurity strategy is essential. Enter the integration of DomainTools with Palo Alto’s Cortex XSOAR, a powerhouse combination that provides a proactive […]

New Improvements to dnsdbq

54 — Thu, 30 Nov 2023 16:46:21 +0000

Introduction Casual passive DNS users often like Farsight DNSDB Scout for its easy-to-use point-and-click graphical user interface, whereas analysts working “at scale” often end up using dnsdbq, our command line interface client to DNSDB. dnsdbq is particularly convenient for big projects where you may be doing thousands or even hundreds of thousands of queries. For […]

What’s New With Iris Investigate and Enrich Fall 2023

54 — Thu, 09 Nov 2023 16:41:33 +0000

Happy autumn! We’ve been busy at DomainTools bringing new features to our products, and we’d like to share some things we’ve recently added to Iris Investigate. Many of these items were requested by practitioners, so this is a good reminder that your DomainTools team is always interested in your feedback and feature requests! Domain History […]

Enrich More With Splunk 4.4

54 — Thu, 22 Jun 2023 15:31:21 +0000

We are excited to share the latest updates to the DomainTools app for Splunk and Splunk Enterprise Security. With this new release, users can gain deeper insights into their network infrastructure and proactively identify potential security threats. For new users, the DomainTools integration with Splunk is already one of our most powerful, enabling organizations to […]

New Major Version of SIE Remote Access (SRA)

54 — Thu, 18 May 2023 15:51:32 +0000

Introduction After years of development work, DomainTools is happy to announce the release of a new version of Farsight SIE Remote Access (SRA), AXA Version 3. SRA is used by Security Information Exchange (SIE) customers to bring data from SIE to the customer’s location over an encrypted network tunnel. SRA is a convenient solution for […]

Farsight DNSDB Time-Fenced Queries: the "New World" Code Is Now Faster-Running

54 — Thu, 06 Apr 2023 15:59:29 +0000

An Improved Farsight DNSDB Experience The Farsight DNSDB Engineering Team is relentlessly “on the hunt” for ways to improve our DNSDB customers’ experience. One area prioritized for attention has been the speed of some DNSDB time-fenced queries. We’re happy to report that the engineering team has developed and deployed an optimization to help speed up […]

Introducing the New Iris Investigate

54 — Wed, 05 Apr 2023 18:24:03 +0000

Today DomainTools is excited to release a new version of Iris Investigate, our flagship infrastructure investigation product. We are introducing new ways for you to identify malicious behavior and manage investigations of domains. We also streamlined the user interface, so it’s easier to use while also providing flexibility so you can prioritize the data that […]

The Perfect Pair: Integrating DomainTools Data Sets in Microsoft’s Sentinel SIEM Product

48 — Tue, 01 Nov 2022 04:00:37 +0000

The Power of World-Class Passive DNS for SIEM What happens when you add world-class passive DNS and domain registration data to one of the leading SIEM platforms? Interesting incident response (IR) and hunting use cases are unlocked! Today, we are happy to announce the integration of the DomainTools Iris Investigate and Farsight DNSDB data sets […]