SecurityTrails

This article describes the intelligence card extension for SecurityTrails.


SecurityTrails holds internet intelligence data covering domains, DNS, WHOIS and IP addresses. This data is used in integrations across many use cases, including risk scoring, fraud detection, infrastructure assessment and management, cybercrime management, information security and much more.

The SecurityTrails extension will be available to any customer that has a subscription to the Threat Intelligence, SecOps Intelligence and/or Brand Intelligence modules.

It will allow the analyst to explore complete current and historical data for DNS and Domain information dating back to 2008, as well as historical reverse DNS resolution from IP Addresses up to 120 days, for thorough analysis and support of investigations.

Extending Domain Intelligence Cards

You can enrich any Domain Intelligence Card with any of the following records from SecurityTrails:

  • A
  • AAAA
  • MX
  • SOA
  • CNAME
  • TXT

The example card below shows the context on a malicious domain.

Screen_Shot_2020-09-15_at_10.37.06_PM.png

In this example, the additional context covers current and historical data on the where (A records), the when (dates) and the who (SOA records); these, along with many more details in other records, can be indications of further compromise. With this context, an analyst can move to the next steps of the investigation and understand the full impact of a compromise, then take the necessary measures to alert the necessary parties and move to remediation steps.

Screen_Shot_2020-09-15_at_10.30.53_PM.png

 

Extending IP Address Intelligence Cards

You can enrich any IP Address Intelligence Card with the following records from SecurityTrails:

  • A
  • CNAME

The example card below shows the context on a malicious IP Address.

In this example, additional context is provided on the where (A records), the when (current and historical dates) and the associated risk levels. The analyst has the necessary details to take immediate action and move to remediation, drastically reducing response times.

 

rDNS.png

Visual Job Aid

For a step-by-step walkthrough of how to use the extension, download this job aid.

pDNS_UI_Ext_job_aid_.png

This content is confidential. Do not distribute or download content in a manner that violates your Recorded Future license agreement. Sharing this content outside of licensed Recorded Future users constitutes a breach of the terms and/or agreement and shall be considered a breach by your organization.