Domain Cards

Domain Intelligence Cards (aka Domain Cards) provide an on-demand summary of essential information related to a specific Domain or DNS Names, and are updated in real time as Recorded Future collects new information. You can use Domain Cards as a starting point when assessing whether observation of a given Domain in a specific context is an Indicator of Compromise, and further can be used in security control rules to block or detect incidents. Domain Cards are also pivot points during investigations that start with another indicator, a malware tool, a vulnerability, or a threat actor.

Descriptions of several common components of the Domain Card are found in the Overview of Intelligence Cards; the details below are specific to the Domain Card:

Domain Cards: Parent Domain, Siblings, and DNS Names within a Domain

Similar to the /24 Subnet summary shown in IP Address Cards, Domain Cards present a summary of related Domains and DNS names. For a DNS name within a domain, this summary section includes the parent Domain and sibling DNS names. For a Domain, this summary section includes DNS names within the Domain.

Intelligence Partner Extensions

Extensions are integrations that enhance Domain Cards with content from our Intelligence Partners. Click here to learn more.

Was this article helpful?
0 out of 0 found this helpful

This content is confidential. Downloading or distributing this content is in violation of your Recorded Future license agreement. Sharing this content outside of licensed Recorded Future users constitutes a breach of the terms and/or agreement and shall be considered a breach by your organization.
Have more questions? Submit a request



Please sign in to leave a comment. Please note that your name will be displayed. If you would like to change how your name appears, please update your profile name.