Explore Historic DNS - Search with Risk Scores
A traditional DNS lookup tells you where a selected DNS record points at that moment in time. If I look up bbc.co.uk today, it gives me 4 IPs that it points to, one of them being 184.108.40.206.
A Passive DNS search shows you DNS history as seen in passively collected traffic. So, if I look up a domain that was only seen in traffic once, I will get the IP address it had at that time.
Passive Active DNS shows DNS history as collected actively every day, combined with passive collection techniques, to give a richer view that can show patterns of changes and behavior. So, if we look up the same domain that was only seen in traffic once, but it actually had a new IP address every day for the last year, we will see each IP address it had for the year. This is what we make available in our Explore feature.
How does this information get used? Mature security teams or security vendors will use the information to track threat actors and create their own security feeds. We’ve made this easier by adding Risk Scores to the results.
So now you get an immediate visual aid to help you decide what is risky. If you want to add a result to your blocklists or feeds, you simply click on the checkbox and add it to a feed or a collection (draft Feed).
All of these items are also enriched with additional context to help your security team with decision making. So even if a domain or IP has not yet been seen or added to any threat feed we can give you a good indication as to whether it is likely to be used maliciously or not.
Spoofing and Brand Monitoring
This can also be applied to Spoofing queries. Let's say you search across all DNS for something that looks like your brand, but is not on your network, and has an IP address today.
Results come with Risk Scores
All of your results from this query will become populated with Silent Push Risk Scores so your analysts know where to focus.
Register for Community Edition
Silent Push Community Edition is a free threat hunting and cyber defense platform that features a huge range of advanced offensive and defensive lookups, web content queries, and enriched data types.