Domain Intelligence Cards® provide an on-demand summary of essential information related to a specific domain or DNS name, and are updated in real time as Recorded Future collects new information. You can use Domain Cards as a starting point when assessing whether the observation of a given domain in a specific context is an Indicator of Compromise, and the information can also be used in security control rules to block or detect incidents. Domain Cards are also pivot points during investigations that start with another indicator, a malware tool, a vulnerability, or a threat actor.
Domain Intelligence Cards include the following tabs:
- Overview
- Risk Rules
- Insikt Group
- Technical Links
- Screenshot
- DNS Resources
- TLS
- WHOIS
- Extensions
Training Available
Use in-app guidance to view the workflow inside Recorded Future.
Overview
The Intelligence Card Overview includes a Summary of relevant information about this domain as well as modals for Screenshots of the domain, Sandbox Analysis, Recorded Future AI Insights, triggered Risk Rules, and any Analyst Notes written by users in your organization.
Risk Rules
Clicking on the Risk Rules tab displays Risk History for this domain as well as information on all currently triggered risk rules. Use the drop-down menu in the top right to change the time period for the Risk History view: Last Month, Last 3 Months, or Last Year. Learn more about Domain Risk Rules.
Insikt Group
View any Insikt Group Notes or Research Links related to the domain.
Technical Links
View any Technical Links related to the domain. These events generally report indicators and technical data observations. You can filter by time to focus only on the most recent events or an extended time frame, and filter by category.
Screenshot
Recorded Future’s Domain Abuse use case now includes a screenshot of the domain, allowing you to quickly examine the content of a newly registered domain of interest and assess the risk it presents to your company.
The most recent domain screenshot can be found in the Overview of the Domain Intelligence Card as well as in the Screenshot tab.
DNS Records
View subdomains, DNS Records, and DNS History for the domain.
TLS
View TLS certificates for the company’s domain. Information also includes the issuer, created date, and expiration date.
WHOIS
View WHOIS Record Data for the domain. Both current and historical WHOIS records for the organisation’s domain are displayed; click on the timeline to see more details for a specific date.
Extensions
View data from available Intelligence Card Extensions, integrations that enhance Domain Intelligence Cards with content from our Intelligence Partners.