Stay up to date with Real-Time DNS intelligence

The Security Challenge

Cybercriminals create and tear down their Internet infrastructures at ever-faster rates.

As adversaries refine and evolve their attack methods, data must be collected and shared in real-time so that security teams can detect and respond to threats with equal speed.

Security professionals have a wealth of data but much of it is data from the past — the equivalent of looking in the rear view mirror while trying to drive forward. They need real-time insights into global Internet activity to increase the actionable value of threat data and understand their impact.

The Farsight Solution

As the leader in global DNS intelligence, we provide a variety of real-time data.

Here is a list of our most popular channels. A complete list is available here


Messages sent to non-public and hidden network addresses


Select fields from emails sent to global honeypot spamtraps

Phishing URL’s

PhishLabs data for malicious sites involved in phishing campaigns

Processed DNS Data

Raw DNS data that has been de-duplicated, filtered and verified

Newly Active Domains

Domains that were active and went dormant for at least 10 days before the next observation

Newly Observed Domains

Base Domains considered ‘New’ when compared to historical database

DNS Changes

Domains and IP addresses that have changed compared to historical database

For more information on real-time data connection options, please contact us

Contact Us

Our Global DNS Sensor Array

Security Information Exchange (SIE)

Our world class Passive DNS sensor array feeds into our highly scalable data-sharing platform in which data is collected, aggregated, processed, and rebroadcast in real-time.

SIE data enables security professionals to accurately identify, map, and protect their networks from cybercrime activity by providing global visibility on a turnkey basis. It provides immediate access to worldwide real-time data without the need to develop or deploy your own data collection infrastructure. Using data collected from Farsight’s global sensor array, SIE streams more than 200,000 observations per second, including:

Aside from the channels listed above, we also provide:

  • Raw and processed Passive DNS data.
  • Darknet/darkspace telescope data.
  • Full-text spam trap “spamples”.
  • Phishing URLs.
  • Sinkhole requests from infected clients.
  • Intrusion detection system (IDS)/firewall blocking log data.

“Farsight’s SIE platform is the most complete real-time security telemetry of its kind.”

Real-time data is available using our SIE platform as “channels”. Channels are available for subscription and have a variety of ways of delivery.

Delivery options

SIE Batch

Designed to combat the challenges with consuming real-time data, SIE Batch allows subscribers to select, or “batch”, their available real-time data sets and pinpoint data needed for their investigations. Available via both API and a Web interface, subscribers can log into SIE Batch and download a recent sample of data (from 2 minutes to 12 hours in length) or download a specific time period of data they need. In addition, Farsight offers a SIE Batch API that lets subscribers easily access SIE data (in file format) from a program or script.

SIE Local Access

Subscribers that need to receive a large volume of content can co-locate a Linux host in one of Farsight’s two Equinix production data centers in Palo Alto, California or Ashburn, Virginia and cross-connect to our network infrastructure.

SIE Remote Access (SRA)

Content can also be delivered through an encrypted TCP stream over the Internet, which allows subscribers to invoke a first-order filtering capability across a set of channels, selecting only the subset of records that match specific domain name/IP address search criteria.