Domain Cards

Domain Intelligence Cards (aka Domain Cards) provide an on-demand summary of essential information related to a specific Domain or DNS Names, and are updated in real time as Recorded Future collects new information. You can use Domain Cards as a starting point when assessing whether observation of a given Domain in a specific context is an Indicator of Compromise, and further can be used in security control rules to block or detect incidents. Domain Cards are also pivot points during investigations that start with another indicator, a malware tool, a vulnerability, or a threat actor.

Descriptions of several common components of the Domain Card are found in the Overview of Intelligence Cards; the details below are specific to the Domain Card:

Domain Cards: Parent Domain, Siblings, and DNS Names within a Domain

Similar to the /24 Subnet summary shown in IP Address Cards, Domain Cards present a summary of related Domains and DNS names. For a DNS name within a domain, this summary section includes the parent Domain and sibling DNS names. For a Domain, this summary section includes DNS names within the Domain.

Intelligence Partner Extensions

Extensions are integrations that enhance Domain Cards with content from our Intelligence Partners. Click here to learn more.

Was this article helpful?
0 out of 0 found this helpful

The content of this article is confidential and intended solely for the use of individuals with authorized access to the Recorded Future service. Do not download or distribute this article.
Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment. Please note that your name will be displayed. If you would like to change how your name appears, please update your profile name.