About the connector
Farsight Security DNSDB is a Passive DNS historical database that provides a unique, fact-based, multifaceted view of the configuration of the global Internet infrastructure.
This document provides information about the Farsight Security DNSDB connector, which facilitates automated interactions, with a Farsight Security DNSDB server using FortiSOAR™ playbooks. Add the Farsight Security DNSDB connector as a step in FortiSOAR™ playbooks and perform automated operations, such as searching and retrieving information about domains, IP addresses, or name servers that you have specified.
Version information
Connector Version: 1.0.0
Compatibility with FortiSOAR™ Versions: 4.9.0.0-708 and later
Compatibility with Farsight Security DNSDB Server Versions: 0.2.2 and later
Installing the connector
For the procedure to install a connector, click here.
Prerequisites to configuring the connector
- You must have the URL of Farsight Security DNSDB server to which you will connect and perform the automated operations and the API Key configured for your account to use that server.
- To access the FortiSOAR™ UI, ensure that port 443 is open through the firewall for the FortiSOAR™ instance.
Configuring the connector
For the procedure to configure a connector, click here.
Configuration parameters
In FortiSOAR™, on the Connectors page, select the Farsight Security DNSDB connector and click Configure to configure the following parameters:
| Parameter |
Description |
| Server URL |
URL of the Farsight Security DNSDB sandbox server to which you will connect and perform the automated operations. |
| API Key |
API key that is configured for your account for using the Farsight Security DNSDB server. |
| Verify SSL |
Specifies whether the SSL certificate for the server is to be verified or not.
By default, this option is set as True. |
Actions supported by the connector
The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:
| Function |
Description |
Annotation and Category |
| Search Domain |
Searches and retrieves information about a domain from the Farsight Security DNSDB server, based on the Domain name and other input parameters you have specified. |
lookup_domain
Investigation |
| Search IP |
Searches and retrieves information about an IP address from the Farsight Security DNSDB server, based on the IP Address and other input parameters you have specified. |
lookup_ip
Investigation |
| Search Name Server |
Searches and retrieves information about a name server from the Farsight Security DNSDB server, based on the Name Server name and other input parameters you have specified. |
domain_details
Investigation |
operation: Search Domain
Input parameters
| Parameter |
Description |
| Wildcard Type |
Type of Wildcard based on which you want to search the Farsight Security DNSDB server. You can choose from the following options: Normal Search, Left Side Wildcard, or Right Side Wildcard.
By default, this is set to Normal Search. |
| Domain |
Name of the Domain that you want to search for and retrieve information from the Farsight Security DNSDB server. |
| From |
(Optional) Start date and time from when you want to retrieve information about the specified domain from the Farsight Security DNSDB server. |
| To |
(Optional) End date and time till when you want to retrieve information about the specified domain from the Farsight Security DNSDB server. |
| DNS Record Type |
Type of DNS record related to the domain if you want to retrieve a specific type of DNS records. By default, this is set to Any.
You can choose from the following options: Any, A6, AAAA, AFSDB, CNAME, DNAME, HINFO, ISDN, KX, NAPTR, NXT, MB, MD, MF, MG, MINFO, MR, MX, NS, PTR, PX, RP, RT, SIG, SOA, SRV, TXT, ANY-DNSSEC, DLV, DNSKEY, DS, NSEC, NSEC3, NSEC3PARAM, and RRSIG. |
| Max Records |
(Optional) Maximum number of records to be retrieved from the Farsight Security DNSDB server.
By default, this is set to 100. |
Output
The JSON output contains information about the domain retrieved from the Farsight Security DNSDB server, based on the Domain name and other input parameters you have specified.
Following image displays a sample output:
operation: Search IP
Input parameters
| Parameter |
Description |
| IP Address |
IP address that you want to search for and retrieve information from the Farsight Security DNSDB server. |
| From |
(Optional) Start date and time from when you want to retrieve information about the specified IP address from the Farsight Security DNSDB server. |
| To |
(Optional) End date and time till when you want to retrieve information about the specified IP address from the Farsight Security DNSDB server. |
| Network Prefix |
(Optional) CIDR range. |
| Max Records |
(Optional) Maximum number of records to be retrieved from the Farsight Security DNSDB server.
By default, this is set to 100. |
Output
The JSON output contains information about the IP address retrieved from the Farsight Security DNSDB server, based on the IP address and other input parameters you have specified.
Following image displays a sample output:
operation: Search Name Server
Input parameters
| Parameter |
Description |
| Name Server |
Name of the Name Server that you want to search for and retrieve information from the Farsight Security DNSDB server.
For example, ns5.dnsmadeeasy.com |
| From |
(Optional) Start date and time from when you want to retrieve information about the specified Name Server from the Farsight Security DNSDB server. |
| To |
(Optional) End date and time till when you want to retrieve information about the specified IP address from the Farsight Security DNSDB server. |
| DNS Record Type |
Type of DNS record related to the Name Server if you want to retrieve a specific type of DNS records. By default, this is set to Any.
You can choose from the following options: Any, A6, AAAA, AFSDB, CNAME, DNAME, HINFO, ISDN, KX, NAPTR, NXT, MB, MD, MF, MG, MINFO, MR, MX, NS, PTR, PX, RP, RT, SIG, SOA, SRV, TXT, ANY-DNSSEC, DLV, DNSKEY, DS, NSEC, NSEC3, NSEC3PARAM, and RRSIG. |
| Max Records |
(Optional) Maximum number of records to be retrieved from the Farsight Security DNSDB server.
By default, this is set to 100. |
Output
The JSON output contains information about the Name Server retrieved from the Farsight Security DNSDB server, based on the name of the Name Server and other input parameters you have specified.
Following image displays a sample output:
Included playbooks
The Sample-Farsight-Security-DNSDB-1.0.0 playbook collection comes bundled with the Farsight Security DNSDB connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Farsight Security DNSDB connector.
- Search Domain
- Search IP
- Search Name Server
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, since the sample playbook collection gets deleted during connector upgrade and delete.
