Farsight Security DNSDB

1.0.0
About the connector

Farsight Security DNSDB is a Passive DNS historical database that provides a unique, fact-based, multifaceted view of the configuration of the global Internet infrastructure.

This document provides information about the Farsight Security DNSDB connector, which facilitates automated interactions with a Farsight Security DNSDB server using FortiSOAR™ playbooks. Add the Farsight Security DNSDB connector as a step in FortiSOAR™ playbooks and perform automated operations, such as searching and retrieving information about domains, IP addresses, or name servers that you have specified.

 

Version information

Connector Version: 1.0.0

Compatibility with FortiSOAR™ Versions: 4.9.0.0-708 and later

Compatibility with Farsight Security DNSDB Server Versions: 0.2.2 and later

 

Installing the connector

For the procedure to install a connector, click here.

 

Prerequisites to configuring the connector

  • You must have the URL of the Farsight Security DNSDB server to which you will connect and perform the automated operations, and the API Key configured for your account to use that server.
  • To access the FortiSOAR™ UI, ensure that port 443 is open through the firewall for the FortiSOAR™ instance.

 

Configuring the connector

For the procedure to configure a connector, click here.

 

Configuration parameters

In FortiSOAR™, on the Connectors page, select the Farsight Security DNSDB connector and click Configure to configure the following parameters:

 

| Parameter | Description |
|---|---|
| Server URL | URL of the Farsight Security DNSDB sandbox server to which you will connect and perform the automated operations. |
| API Key | API key that is configured for your account for using the Farsight Security DNSDB server. |
| Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set as True. |

 

 

Actions supported by the connector

The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:

 

| Function | Description | Annotation and Category |
|---|---|---|
| Search Domain | Searches and retrieves information about a domain from the Farsight Security DNSDB server, based on the Domain name and other input parameters you have specified. | lookup_domain; Investigation |
| Search IP | Searches and retrieves information about an IP address from the Farsight Security DNSDB server, based on the IP Address and other input parameters you have specified. | lookup_ip; Investigation |
| Search Name Server | Searches and retrieves information about a name server from the Farsight Security DNSDB server, based on the Name Server name and other input parameters you have specified. | domain_details; Investigation |

 

operation: Search Domain

Input parameters

 

| Parameter | Description |
|---|---|
| Wildcard Type | Type of Wildcard based on which you want to search the Farsight Security DNSDB server. You can choose from the following options: Normal Search, Left Side Wildcard, or Right Side Wildcard. By default, this is set to Normal Search. |
| Domain | Name of the Domain that you want to search for and retrieve information from the Farsight Security DNSDB server. |
| From | (Optional) Start date and time from when you want to retrieve information about the specified domain from the Farsight Security DNSDB server. |
| To | (Optional) End date and time till when you want to retrieve information about the specified domain from the Farsight Security DNSDB server. |
| DNS Record Type | Type of DNS record related to the domain if you want to retrieve a specific type of DNS records. By default, this is set to Any. You can choose from the following options: Any, A6, AAAA, AFSDB, CNAME, DNAME, HINFO, ISDN, KX, NAPTR, NXT, MB, MD, MF, MG, MINFO, MR, MX, NS, PTR, PX, RP, RT, SIG, SOA, SRV, TXT, ANY-DNSSEC, DLV, DNSKEY, DS, NSEC, NSEC3, NSEC3PARAM, and RRSIG. |
| Max Records | (Optional) Maximum number of records to be retrieved from the Farsight Security DNSDB server. By default, this is set to 100. |

 

Output

The JSON output contains information about the domain retrieved from the Farsight Security DNSDB server, based on the Domain name and other input parameters you have specified.

The following image displays a sample output:

[Image: Sample output of the Search Domain operation]

 

operation: Search IP

Input parameters

 

| Parameter | Description |
|---|---|
| IP Address | IP address that you want to search for and retrieve information from the Farsight Security DNSDB server. |
| From | (Optional) Start date and time from when you want to retrieve information about the specified IP address from the Farsight Security DNSDB server. |
| To | (Optional) End date and time till when you want to retrieve information about the specified IP address from the Farsight Security DNSDB server. |
| Network Prefix | (Optional) CIDR range. |
| Max Records | (Optional) Maximum number of records to be retrieved from the Farsight Security DNSDB server. By default, this is set to 100. |

 

Output

The JSON output contains information about the IP address retrieved from the Farsight Security DNSDB server, based on the IP address and other input parameters you have specified.

The following image displays a sample output:

[Image: Sample output of the Search IP operation]

 

operation: Search Name Server

Input parameters

 

| Parameter | Description |
|---|---|
| Name Server | Name of the Name Server that you want to search for and retrieve information from the Farsight Security DNSDB server. For example, ns5.dnsmadeeasy.com |
| From | (Optional) Start date and time from when you want to retrieve information about the specified Name Server from the Farsight Security DNSDB server. |
| To | (Optional) End date and time till when you want to retrieve information about the specified Name Server from the Farsight Security DNSDB server. |
| DNS Record Type | Type of DNS record related to the Name Server if you want to retrieve a specific type of DNS records. By default, this is set to Any. You can choose from the following options: Any, A6, AAAA, AFSDB, CNAME, DNAME, HINFO, ISDN, KX, NAPTR, NXT, MB, MD, MF, MG, MINFO, MR, MX, NS, PTR, PX, RP, RT, SIG, SOA, SRV, TXT, ANY-DNSSEC, DLV, DNSKEY, DS, NSEC, NSEC3, NSEC3PARAM, and RRSIG. |
| Max Records | (Optional) Maximum number of records to be retrieved from the Farsight Security DNSDB server. By default, this is set to 100. |

 

Output

The JSON output contains information about the Name Server retrieved from the Farsight Security DNSDB server, based on the name of the Name Server and other input parameters you have specified.

The following image displays a sample output:

[Image: Sample output of the Search Name Server operation]
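
The request that each operation's inputs would translate to against the DNSDB API v1, with the input validation a playbook should apply to analyst-supplied indicators; this is an added example, not the connector's own code. The endpoint paths and time-fence parameter names come from the public DNSDB API v1; the function names and the choice of which time fences From and To map to are assumptions.

```python
import ipaddress
import re

# Record types offered by the connector's DNS Record Type drop-down.
RRTYPES = set(("ANY A6 AAAA AFSDB CNAME DNAME HINFO ISDN KX NAPTR NXT MB MD MF MG "
               "MINFO MR MX NS PTR PX RP RT SIG SOA SRV TXT ANY-DNSSEC DLV DNSKEY "
               "DS NSEC NSEC3 NSEC3PARAM RRSIG").split())
_NAME = re.compile(r"[a-z0-9_-]+(\.[a-z0-9_-]+)*")

def _name(value):
    # Reject anything that could alter the URL path ('/', '?', '*', spaces).
    name = value.strip().rstrip(".").lower()
    if len(name) > 253 or not _NAME.fullmatch(name):
        raise ValueError(f"not a valid DNS name: {value!r}")
    return name

def _options(rrtype, time_from, time_to, limit):
    rrtype = rrtype.upper()
    if rrtype not in RRTYPES:
        raise ValueError(f"unsupported record type: {rrtype}")
    if limit < 1:
        raise ValueError("Max Records must be at least 1")
    if time_from is not None and time_to is not None and time_from >= time_to:
        raise ValueError("From must be earlier than To")
    params = {"limit": limit}
    if time_from is not None:   # assumption: From -> records last seen after it
        params["time_last_after"] = int(time_from)
    if time_to is not None:     # assumption: To -> records first seen before it
        params["time_first_before"] = int(time_to)
    return rrtype, params

def search_domain(domain, wildcard="normal", rrtype="ANY", time_from=None, time_to=None, limit=100):
    patterns = {"normal": "{}", "left": "*.{}", "right": "{}.*"}
    if wildcard not in patterns:
        raise ValueError(f"unknown wildcard type: {wildcard}")
    rrtype, params = _options(rrtype, time_from, time_to, limit)
    return f"/lookup/rrset/name/{patterns[wildcard].format(_name(domain))}/{rrtype}", params

def search_ip(ip, prefix=None, time_from=None, time_to=None, limit=100):
    target = str(ipaddress.ip_address(ip))
    if prefix is not None:
        # strict=True rejects a prefix whose host bits are set (e.g. 192.0.2.77/24).
        net = ipaddress.ip_network(f"{target}/{prefix}", strict=True)
        target = f"{net.network_address},{net.prefixlen}"   # DNSDB writes CIDR as ip,len
    return f"/lookup/rdata/ip/{target}", _options("ANY", time_from, time_to, limit)[1]

def search_name_server(name_server, rrtype="ANY", time_from=None, time_to=None, limit=100):
    rrtype, params = _options(rrtype, time_from, time_to, limit)
    return f"/lookup/rdata/name/{_name(name_server)}/{rrtype}", params
```

The API key travels in the `X-API-Key` request header rather than in the URL, which keeps it out of proxy and access logs.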

 

Included playbooks

The Sample-Farsight-Security-DNSDB-1.0.0 playbook collection comes bundled with the Farsight Security DNSDB connector. This playbook collection contains steps that you can use to perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Farsight Security DNSDB connector.

  • Search Domain
  • Search IP
  • Search Name Server

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, since the sample playbook collection gets deleted when the connector is upgraded or deleted.

 
