San Mateo, California, October 20th, 2020. Today Farsight Security®, Inc., the leading cybersecurity provider of DNS Intelligence, announced general availability for DNSDB 2.0 Flexible Search. Now security analysts, threat hunters, brand protection teams, and incident responders can significantly expand their search for DNS-based assets using DNSDB. With Flexible Search, users can search for simple keywords such as “election”, phrases like “votebymail”, or complex patterns, using new regular expression and globbing functionality, in order to uncover lookalike domains and other possible threats to their organization.
In a separate announcement, Farsight also unveiled Farsight Labs, a new platform for collaboration by the digital defense community, and a free tool, Expander, which enables security professionals to automate the generation of regular expressions.
DNSDB Flexible Search: What’s New
Bad actors can create, use, and discard domain names for malicious campaigns within minutes. Today, enterprises need tools to stay ahead of these fast-moving cyberthreats. With more than 100 billion DNS observations, DNSDB is the industry standard in historical passive DNS. The new DNSDB Flexible Search enables users to more effectively pinpoint the data they need to expose, correlate and contextualize their investigations. Users of DNSDB Flexible Search can:
- Search just parts of words. For example, if you're investigating drug crime, you may want to find all the domains that include oxycon, perco or hydroco.
- Easily find look-alike domain names used for phishing attacks against their brands.
- Identify patterns and find matches for threat actor-generated hostnames/domain names.
- Find candidate matches when working with incomplete or redacted information.
- Identify domains relating simple generic terms to well-known brand names, from popular products to presidential campaigns.
Today Farsight Security also debuts dnsdbflex, a C program for making regular expression and globbing queries to the DNSDB API. Dnsdbflex is a companion tool to dnsdbq, the DNSDB standard search command-line tool. Together they are perfect for server-based workflows and automation.
In addition, DNSDB Scout, the graphical interface for DNSDB, has been updated with the Flexible Search functionality. This update is available for both the Google Chrome extension (which also works in Brave!) and the Mozilla Firefox add-on. Scout is also available as a web version that can be used with any browser.
Since DNSDB Flexible Search was first announced, feedback from early adopters has been overwhelmingly positive!
The Cyber Defence Alliance (CDA) is a non-profit public-private partnership, headquartered in the United Kingdom. CDA works collectively and collaboratively across the financial sector and law enforcement globally to pro-actively share information, turning it into actionable intelligence to fight cybercrime and counter cyber threats.
“The tool is very straightforward to use, and with the power of RegEx and globbing on hand, is very flexible and powerful. The dataset being queried is massive, but any searches, no matter how complex, are returned in short order. This allows for rapid prototyping of searches, without interminable waits for results. Overall, the tool enables easy and quick searching of the dataset, with the flexibility for users to really stretch their analytical muscles and seek out those hidden gems of DNS data.” — CDA technical intelligence analyst
“We looked at the tool from a software perspective using the easy-to-use API within a tool that I wrote. Leveraging the API with the tool, we were able to query the database hourly looking for new domains that contained terms associated with our members. The RegEx and glob patterns for searching make this a very flexible solution allowing the quick identification of suspicious domains for further investigation.” – CDA software developer
ThreatConnect Inc. provides cybersecurity software that reduces complexity for everyone, makes decision making easy by turning intelligence into action, and integrates processes and technologies to continually strengthen defenses and drive down risk.
“While we haven't realized yet the full potential of Farsight's DNSDB 2.0 Flexible Search, we've already seen its utility in helping us build out an understanding of an adversary's infrastructure based on subdomain string reuse. The ability to incorporate these queries with regex into our domain and subdomain focused research is going to help us exploit the bad guys' tactics, almost certainly in ways we aren't even considering yet.” – ThreatConnect Research Team Member
Pricing & Availability
DNSDB Flexible Search is available immediately to current DNSDB API customers and API trial users. To become a DNSDB API trial user, visit here. To become a DNSDB customer, please contact firstname.lastname@example.org. DNSDB Community Edition, the entry-level, free version of our flagship product, does not offer Flexible Search capabilities. DNSDB is available via an annual subscription.
About Farsight Security, Inc.
Farsight Security, Inc. is the world’s largest provider of historical and real-time passive DNS data. We enable security teams to qualify, enrich and correlate all sources of threat data and ultimately save time when it is most critical - during an attack or investigation. Our solutions provide enterprise, government and security industry personnel and platforms with unmatched global visibility, context and response. Farsight Security is headquartered in San Mateo, California, USA. Learn more about how we can empower your threat platform and security team with Farsight Security passive DNS solutions at https://www.farsightsecurity.com/ or follow us at Twitter: @FarsightSecInc.