# DNS
Delivers various actions related to DNS.
## Connect DNS with Devo SOAR
1. Navigate to Automations > Integrations.
2. Search for DNS.
3. Click Details, then the + icon. Enter the required information in the following fields.
   - Label: Enter a connection name.
   - Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com, where hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
   - Verify SSL: Select this option to verify the connecting server's SSL certificate (default is Verify SSL Certificate).
   - Remote Agent: Run this integration using the Devo SOAR Remote Agent.
   - DNS Server: DNS server to query for the IP address of the given HOST. If an action specifies its own DNS Server, that value overrides this one.
4. After you've entered all the details, click Connect.
## Actions for DNS
## Dig
Dig is a network administration command-line tool for querying Domain Name System (DNS) servers.
### Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
| :--------- | :---------- | :------- |
| Column Name | Select the name of the column from parent table to lookup value for. | Required |
| DNS Server | Jinja-templated DNS Server to query the nameserver for the IP address of the given HOST. This value will override the default value of DNS Server set at connection level. | Optional |
### Output
A JSON object containing multiple rows of result:
result: The suspicious activity of the IP address.
```json
{
  "ip": [ "162.210.196.173" ],
  "record_list": [ "A" ],
  "query": "ad.getfond.info"
}
```
## NS Lookup
Query the nameserver for the IP address of the given HOST optionally using a specified DNS server.
### Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
| :--------- | :----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------- |
| Lookup For | Select the name of the column from parent table to lookup value for. | Optional |
| DNS Server | [Jinja-templated](doc:jinja-template) DNS Server to query the nameserver for the IP address of the given HOST. This value will override the default value of DNS Server set at connection level. | Optional |
### Output
A JSON object containing multiple rows of result:
```json
{
  "lookup": "125.227.70.80",
  "dns_address": "125-227-70-80.HINET-IP.hinet.net"
}
```
## Whois
A tool for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system.
### Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
| :--------- | :---------- | :------- |
| Column Name | Select the name of the column from parent table to lookup value for. | Required |
| DNS Server | Jinja-templated DNS Server to query the nameserver for the IP address of the given HOST. This value will override the default value of DNS Server set at connection level. | Optional |
### Output
A JSON object containing multiple rows of result:
```json
{
  "start_ip": "['223.72.0.0', '223.64.0.0']",
  "end_ip": "['223.72.0.0', '223.117.255.255']",
  "data": {
    "nir": null,
    "asn_registry": "apnic",
    "asn": "56048",
    "asn_cidr": "223.72.0.0/16",
    "asn_country_code": "CN",
    "asn_date": "2010-07-01",
    "asn_description": "CMNET-BEIJING-AP China Mobile Communicaitons Corporation, CN",
    "query": "223.72.63.57",
    "network": {
      "handle": "223.64.0.0 - 223.117.255.255",
      "status": null,
      "remarks": [
        { "title": "description", "description": "China Mobile Communications Corporation\nMobile Communications Network Operator in China\nInternet Service Provider in China", "links": null },
        { "title": "remarks", "description": "service provider\n--------------------------------------------------------\nTo report network abuse, please contact mnt-irt\nFor troubleshooting, please contact tech-c and admin-c\nReport invalid contact via www.apnic.net/invalidcontact\n--------------------------------------------------------", "links": null }
      ],
      "notices": [
        { "title": "Source", "description": "Objects returned came from source\nAPNIC", "links": null },
        { "title": "Terms and Conditions", "description": "This is the APNIC WHOIS Database query service. The objects are in RDAP format.", "links": [ "http://www.apnic.net/db/dbcopyright.html" ] }
      ],
      "links": [ "http://rdap.apnic.net/ip/223.64.0.0/10" ],
      "events": [ { "action": "last changed", "timestamp": "2020-07-15T13:10:01Z", "actor": null } ],
      "raw": null,
      "start_address": "223.64.0.0",
      "end_address": "223.117.255.255",
      "cidr": "223.64.0.0/11, 223.96.0.0/12, 223.112.0.0/14, 223.116.0.0/15",
      "ip_version": "v4",
      "type": "ALLOCATED PORTABLE",
      "name": "CMNET",
      "country": "CN",
      "parent_handle": null
    },
    "entities": [ "IRT-CHINAMOBILE-CN", "HL1318-AP" ],
    "objects": {
      "IRT-CHINAMOBILE-CN": {
        "handle": "IRT-CHINAMOBILE-CN",
        "status": null,
        "remarks": [ { "title": "remarks", "description": "abuse@chinamobile.com was validated on 2020-07-16", "links": null } ],
        "notices": null,
        "links": [ "http://rdap.apnic.net/entity/IRT-CHINAMOBILE-CN" ],
        "events": [ { "action": "last changed", "timestamp": "2020-07-16T05:55:01Z", "actor": null } ],
        "raw": null,
        "roles": [ "abuse" ],
        "contact": {
          "name": "IRT-CHINAMOBILE-CN",
          "kind": "group",
          "address": [ { "type": null, "value": "China Mobile Communications Corporation\n29, Jinrong Ave., Xicheng District, Beijing, 100032" } ],
          "phone": null,
          "email": [ { "type": null, "value": "abuse@chinamobile.com" }, { "type": null, "value": "abuse@chinamobile.com" } ],
          "role": null,
          "title": null
        },
        "events_actor": null,
        "entities": null
      },
      "HL1318-AP": {
        "handle": "HL1318-AP",
        "status": null,
        "remarks": null,
        "notices": null,
        "links": [ "http://rdap.apnic.net/entity/HL1318-AP" ],
        "events": [ { "action": "last changed", "timestamp": "2016-11-29T09:38:38Z", "actor": null } ],
        "raw": null,
        "roles": [ "technical", "administrative" ],
        "contact": {
          "name": "haijun li",
          "kind": "individual",
          "address": [ { "type": null, "value": "29,Jinrong Ave, Xicheng district,beijing,100032" } ],
          "phone": [ { "type": "voice", "value": "+86 1052686688" }, { "type": "fax", "value": "+86 10 52616187" } ],
          "email": [ { "type": null, "value": "hostmaster@chinamobile.com" }, { "type": null, "value": "abuse@chinamobile.com" } ],
          "role": null,
          "title": null
        },
        "events_actor": null,
        "entities": null
      }
    },
    "raw": null
  },
  "ipaddress": "223.72.63.57"
}
```
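The Whois output above mixes types that a downstream playbook step has to normalize: `start_ip` and `end_ip` are stringified Python lists, and `network.cidr` is a single comma-separated string. The following is an added example, not part of the integration or the original page; `summarize_ip_whois` is a hypothetical helper, and `SAMPLE` is a trimmed copy of the output shown above.

```python
import ast
import ipaddress

# Trimmed copy of the sample output above; only the fields used below are kept.
SAMPLE = {
    "start_ip": "['223.72.0.0', '223.64.0.0']",
    "end_ip": "['223.72.0.0', '223.117.255.255']",
    "ipaddress": "223.72.63.57",
    "data": {
        "asn": "56048",
        "asn_cidr": "223.72.0.0/16",
        "network": {"cidr": "223.64.0.0/11, 223.96.0.0/12, 223.112.0.0/14, 223.116.0.0/15"},
        "objects": {
            "IRT-CHINAMOBILE-CN": {"roles": ["abuse"], "contact": {"email": [
                {"type": None, "value": "abuse@chinamobile.com"},
                {"type": None, "value": "abuse@chinamobile.com"}]}},
            "HL1318-AP": {"roles": ["technical", "administrative"], "contact": {"email": [
                {"type": None, "value": "hostmaster@chinamobile.com"}]}},
        },
    },
}


def summarize_ip_whois(row):
    """Normalize one Whois action row into typed values (hypothetical helper)."""
    data = row.get("data") or {}
    ip = ipaddress.ip_address(row["ipaddress"])
    # start_ip / end_ip are stringified Python lists, so json.loads() fails on them.
    starts = ast.literal_eval(row["start_ip"])
    ends = ast.literal_eval(row["end_ip"])
    in_range = any(ipaddress.ip_address(s) <= ip <= ipaddress.ip_address(e)
                   for s, e in zip(starts, ends))
    # network.cidr is one comma-separated string, not a list.
    cidr_text = (data.get("network") or {}).get("cidr") or ""
    nets = [ipaddress.ip_network(c.strip()) for c in cidr_text.split(",") if c.strip()]
    covering = next((str(n) for n in nets if ip in n), None)
    # Keep abuse-role contacts only; the sample lists the same address twice.
    abuse = sorted({e["value"]
                    for obj in (data.get("objects") or {}).values()
                    if "abuse" in (obj.get("roles") or [])
                    for e in ((obj.get("contact") or {}).get("email") or [])})
    return {
        "asn": data.get("asn"),
        "in_asn_cidr": ip in ipaddress.ip_network(data["asn_cidr"]),
        "in_reported_range": in_range,
        "covering_cidr": covering,
        "abuse_emails": abuse,
    }
```

Many fields in this output can be `null`, which is why the helper falls back to empty containers before iterating.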
## whois (hostname)
WHOIS is a public database that houses the information collected when someone registers a domain name or updates their DNS settings.
### Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
| :----------- | :---------------------------------------------------------------------- | :------- |
| Domain or IP | [Jinja-templated](doc:jinja-template) text containing the Domain or IP. | Required |
### Output
JSON containing the following items:
```json
{
  "whois_server": "whois.godaddy.com",
  "registrant_postal_code": null,
  "expiration_date": "2030-03-31 18:05:17",
  "city": null,
  "name_servers": [
    "NS53.DOMAINCONTROL.COM",
    "NS54.DOMAINCONTROL.COM"
  ],
  "name": null,
  "referral_url": null,
  "state": null,
  "dnssec": "unsigned",
  "domain_name": "LOGICHUB.COM",
  "country": null,
  "updated_date": "2023-01-25 14:34:17",
  "creation_date": "2010-03-31 18:05:17",
  "has_error": false,
  "registrar": "GoDaddy.com, LLC",
  "error": null,
  "status": [
    "clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited",
    "clientRenewProhibited https://icann.org/epp#clientRenewProhibited",
    "clientTransferProhibited https://icann.org/epp#clientTransferProhibited",
    "clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited"
  ],
  "address": null,
  "org": null,
  "emails": "abuse@godaddy.com"
}
```
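A typical use of the whois (hostname) output in alert triage is to derive domain age and registration-lock state from `creation_date`, `expiration_date`, `status` and `has_error`. The following is an added example, not part of the integration or the original page; `triage_domain_whois`, the flag names and the 30-day threshold are assumptions, dates are assumed to be UTC, and `SAMPLE` is a trimmed copy of the output shown above.

```python
from datetime import datetime, timezone

# Trimmed copy of the sample output above; only the fields used below are kept.
SAMPLE = {
    "domain_name": "LOGICHUB.COM",
    "creation_date": "2010-03-31 18:05:17",
    "expiration_date": "2030-03-31 18:05:17",
    "dnssec": "unsigned",
    "has_error": False,
    "error": None,
    "status": [
        "clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited",
        "clientTransferProhibited https://icann.org/epp#clientTransferProhibited",
    ],
}


def _parse(ts):
    # Dates arrive as "YYYY-MM-DD HH:MM:SS" or null; treating them as UTC is an assumption.
    if not ts:
        return None
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)


def triage_domain_whois(row, now, new_domain_days=30):
    """Turn one whois (hostname) row into triage flags (hypothetical helper)."""
    domain = row.get("domain_name")
    if row.get("has_error"):
        # A failed lookup carries no registration data; surface the error instead.
        return {"domain": domain, "age_days": None,
                "flags": ["whois_error"], "error": row.get("error")}
    created = _parse(row.get("creation_date"))
    expires = _parse(row.get("expiration_date"))
    # Each status entry is "<EPP code> <URL>"; keep only the code.
    codes = {s.split()[0] for s in (row.get("status") or []) if s.strip()}
    age = (now - created).days if created else None
    flags = []
    if age is None:
        flags.append("no_creation_date")
    elif age < new_domain_days:
        flags.append("newly_registered")
    if expires and expires < now:
        flags.append("expired")
    if "clientTransferProhibited" not in codes:
        flags.append("no_transfer_lock")
    if row.get("dnssec") == "unsigned":
        flags.append("dnssec_unsigned")
    return {"domain": domain, "age_days": age, "flags": flags, "error": None}
```

Pass the alert's event time as `now` rather than the wall clock so that re-running a playbook on an old alert yields the same flags.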
## Release Notes
### v3.1.1
- Added 1 new action: whois (hostname).
### v3.0.0
- Updated architecture to support IO via filesystem
### v2.0.19
- Added optional input DNS server field at connection level and in all three actions.
### v2.0.17
- Added documentation link in the automation library.
### v2.0.14
- Removed optional DNS server field and changed the Label name to "Lookup For" for nslookup.
### v2.0.12
- Changed name of "Column name" to "DNS Server" at nslookup's action level.
### v2.0.11
- Added optional input DNS server field at connection level and nslookup's action level.