Domain Intel Cards (aka Domain Cards) provide an on-demand summary of essential information related to a specific Domain or DNS Names, and are updated in real time as Recorded Future collects new information. You can use Domain Cards as a starting point when assessing whether observation of a given Domain in a specific context is an Indicator of Compromise, and further can be used in security control rules to block or detect incidents. Domain Cards are also pivot points during investigations that start with another indicator, a malware tool, a vulnerability, or a threat actor.
Descriptions of several common components of the Domain Card are found in the Overview of Intel Cards; the details below are specific to the Domain Card:
Domain Cards: Parent Domain, Siblings, and DNS Names within a Domain
Similar to the /24 Subnet summary shown in IP Address Cards, Domain Cards present a summary of related Domains and DNS names. For a DNS name within a domain, this summary section includes the parent Domain and sibling DNS names. For a Domain, this summary section includes DNS names within the Domain.
Intelligence Partner Extensions
Extensions are integrations that enhance Domain Cards with content from our Intelligence Partners. Click here to learn more.