Creating a Heatmap From SIE Channel 204 Data

Thursday, January 26, 2017 By Joe St. Sauver and Ben April

1. Introduction In “Geolocating & Mapping IP Address Data From SIE”, we collected, geolocated and plotted roughly 3.5 million dots on a map of the world. One thing that quickly became obvious is that it’s hard to interpret that much data on a single plot – you can see that there’s a dense “pile of points” in some regions, but not much beyond that. See Figure 1: Figure 1. Our Final Map From Last Time...

Geolocating & Mapping IP Address Data From SIE

Monday, January 16, 2017 By Joe St. Sauver

1. Introduction As part of our effort to help people visualize data obtained from the Security Information Exchange (see the October 7th, 2016 post “Visualizing SIE Channel 204 Data”), we thought it might be interesting to try geolocating and mapping IP addresses from SIE Channel 204. The IP addresses we’ll be working with are IP addresses for “sites that people are trying to access” (and NOT the IP addresses where queries are coming from NOR...

Farsight's DNSDB Plugin for Splunk

Wednesday, December 7, 2016 By Joe St. Sauver

1. Introduction Splunk is a very popular log management tool, terrific for digging into syslog data and similar data sources. Splunk also represents another potential interface to Farsight Security’s DNSDB while also providing a convenient way for analysts to easily/automatically enhance data managed by Splunk. 2. What We’re Going To Cover Today Because this is a longer blog post than many, we’ll begin by outlining what we’re going to cover, major chunk by major chunk:...

Raw Hex Rdata Queries: An Obscure (But Potentially Quite Useful) Bit Of DNSDB Functionality

Friday, November 25, 2016 By Joe St. Sauver

1. Introduction Farsight Security customers who use the web interface to DNSDB may have noticed a button marked “Raw Hex” when doing Rdata queries. See the highlighted red boxes in this screen shot: You may even have wondered why that button exists, or how you might use it. Some months ago, a number of Farsight staff discussed this very question, with the original developer of that functionality commenting: “hex is the ultimate search mode because...

Making Programmatic DNSDB Queries With libcurl

Friday, November 4, 2016 By Joe St. Sauver

1. Introduction Most users interact with DNSDB either through the web interface or via the sample command line interface (CLI) tools Farsight provides. However, sometimes you may need to make complex or conditional queries that don’t fit well with either of those options. In that case, DNSDB API access customers can call the DNSDB API directly from their own application. The DNSDB API documentation describes how to make “bulk, automated DNSDB queries via the HTTP...

