DNSDB™ Get Started Guide

A guide for new and experienced DNSDB users

1

Get a DNSDB API key

You may already have an API key or you can get started with a free 30-day trial API key.

FREE 30-DAY TRIAL
2

How to use your DNSDB API key

Threat platform, SIEM and SOAR

Your DNSDB API key is portable and can be used with many threat platforms, SIEM and SOAR solutions. You can even use it in multiple platforms at the same time.

Here are of some of our integrations. If you don’t see yours, please contact us.

Tools

The DNSDB API key is also available via the following tools:

DNSDB Scout
DNSDB Scout

DNSDB Scout™ is our new Google Chrome Extension™. It provides an HTML GUI on top of Farsight Security’s DNSDB API and supports all the major features of the API

Learn more
Blog post
DNSDB Scout™ – Farsight’s new Google Chrome Extension for querying DNSDB
Maltego
DNSDB API Free Trial for Maltego

Maltego is a visual link analysis tool that, out of the box, comes with open source intelligence (OSINT) plug-ins called transforms. Farsight DNSDB is now bundled into all versions of Maltego, including Community Edition (CE), Classic and XL.

Learn more
Blog post
Farsight DNSDB Bundles with Maltego To Enable Faster Investigations
SPLUNK
SPLUNK app

Farsight DNSDB App for Splunk® enables security analysts to improve the speed, accuracy and global view of their digital investigations for faster risk mitigation and prevention.

Learn more
Blog post
Farsight's DNSDB Plugin for Splunk
Command line

REST API

If you're a programmer and want to query DNSDB directly, here is the API documentation.

Api documentation

Resources

Blog post
Getting "Human" (ISO8601) Datetime Stamps From dnsdbq JSON lines-formatted Output
Blog post
Using Farsight's dnsdbq Command Line DNSDB Tool in a Microsoft Windows Environment: The "Windows Subsystem for Linux" Option
Blog post
"Black Box" Testing with the Python Black Box Tool (pbbt)
Blog post
Farsight's DNSDB Time Fencing: A Post-Attack "Time Machine"
3

Documentation

In order to get you started, here are some basic and advanced documents to support the use of the DNSDB API

File

API Documentation

File

Technical Documentation

File

More technical resources

Videos

Play DNSDB Overview DNSDB Overview - 2:14
Play Basic DNSDB Pivots Diving into DNSDB Pivots - 11:52
Play Pivots DNSDB Pivots Overview - 1:24
More videos

Case studies

Grizzly (Steppe) Case Study

CASE STUDY

Grizzly (Steppe) Case Study

How ThreatConnect® leverages DNSDB to Track Down the Grizzly (Steppe).

Download
Deloitte & Touche LLP case study

CASE STUDY

Deloitte & Touche LLP Case Study

Cerber Ransomware Investigation using Farsight's DNSDB™

Download
ThreatConnect case study

CASE STUDY

ThreatConnect, Inc. Case Study

ThreatConnect used Farsight Security's DNSDB™ to investigate Anthem breach-related activity.

Download

Blog posts

IPs, Address Ranges, and CIDR Block Queries in DNSDB API

by Joe St Sauver

In digital investigations, users may need to query hundreds or thousands of IP addresses. Joe St Sauver shows you how to query blocks of IP addresses.

Read more

Bulk Converting Internationalized Domain Names to Punycode With Perl and Net::IDN::Encode for Use With DNSDB

by Joe St Sauver

Joe St Sauver shows how to query DNSDB for Internationalzed Domain Names using different programming languages.

Read more

ASN-To-Prefixes-To-Domain Names -- Update to May 2017 Blog Article

by Joe St Sauver

Joe St Sauver explains how to use RIPE NCC's terrific service for the Scala query-by-ASN application.

Read more

Increase Incident Response Speed and Accuracy with Farsight DNSDB and Demisto Enterprise

by Karen Burke

Increase Incident Response Speed and Accuracy with Farsight DNSDB and Demisto Enterprise. Every transaction, good or bad, begins with a DNS lookup.

Read more
More blogs
Need additional help?

Contact our Technical Support team

By email:

support@farsightsecurity.com

By telephone:

+1-650-489-7919

Request a Demo

Request a customized demo to see our data in action and discover how Farsight DNS Intelligence can help your security operations

Request demo