Farsight Security's DNSDB is a Passive DNS historical database that provides a unique, fact-based, multifaceted view of the configuration of the global Internet infrastructure.
Connect Farsight Security DNSDB with Devo SOAR
Navigate to Automations > Integrations.
Search for Farsight Security DNSDB.
Click Details, then the + icon. Enter the required information in the following fields.
Label: Enter a connection name.
Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com where, hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
Verify SSL: Select option to verify connecting server's SSL certificate (Default is Verify SSL Certificate).
Remote Agent: Run this integration using the Devo SOAR Remote Agent.
API Key: The API key to connect to the Farsight Security DNSDB.
After you've entered all the details, click Connect.
Actions for Farsight Security DNSDB
Lookup RRset
The RRset lookup queries DNSDB's RRset index, which supports forward lookups based on the owner name of an RRset.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
---|---|---|
Owner Name Column Name | The name of the column holding the owner name of an RRset. | |
RRType Column Name | The name of the column holding the RRType to use. | Optional |
Bailiwick Column Name | The name of the column holding the Bailiwick to use. | Optional |
Before Column Name | Filter results by time. | Optional |
After Column Name | Filter results by time. | Optional |
Output
A JSON object containing multiple rows of result:
has_error: True/False
error: Message/Null
result: Success/Failure message.
``` {json}{ "has_error": true, "error": "An error occurred: HTTP Error 400: Bad Request" }
## Lookup Rdata by Name The Rdata lookup queries DNSDB's Rdata index, which supports inverse lookups based on Rdata record values. ### Input Field Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection. | Input Name | Description | Required | | :----------------- | :------------------------------------------------------------------------------------------ | :------- | | Type Column Name | The name of the column holding the type of a Rdata lookup. Should be 'name', 'ip' or 'raw'. | Required | | Value Column Name | The name of the column holding the value to use for the query. | Required | | RRType Column Name | The name of the column holding the RRType to use. | Required | | Before Column Name | Filter results by time. | Required | | After Column Name | Filter results by time. | Required | ### Output A JSON object containing multiple rows of result: - result: result: Success/Failure message. ``` {json}{ "has_error": true, "error": "An error occurred: HTTP Error 400: Bad Request" }
Release Notes
v2.0.0
- Updated architecture to support IO via filesystemv1.0.9
- Added documentation link in the automation library.