Farsight Security DNSDB is a Passive DNS historical database that provides a unique, fact-based, multifaceted view of the configuration of the global Internet infrastructure.
This document provides information about the Farsight Security DNSDB connector, which facilitates automated interactions with a Farsight Security DNSDB server using FortiSOAR™ playbooks. Add the Farsight Security DNSDB connector as a step in FortiSOAR™ playbooks and perform automated operations, such as searching and retrieving information about domains, IP addresses, or name servers that you have specified.
Connector Version: 1.0.0
Compatibility with FortiSOAR™ Versions: 4.9.0.0-708 and later
Compatibility with Farsight Security DNSDB Server Versions: 0.2.2 and later
For the procedure to install a connector, click here.
For the procedure to configure a connector, click here.
In FortiSOAR™, on the Connectors page, select the Farsight Security DNSDB connector and click Configure to configure the following parameters:
Parameter | Description |
---|---|
Server URL | URL of the Farsight Security DNSDB sandbox server to which you will connect and perform the automated operations. |
API Key | API key that is configured for your account for using the Farsight Security DNSDB server. |
Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set as True. |
The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:
Function | Description | Annotation and Category |
---|---|---|
Search Domain | Searches and retrieves information about a domain from the Farsight Security DNSDB server, based on the Domain name and other input parameters you have specified. | lookup_domain Investigation |
Search IP | Searches and retrieves information about an IP address from the Farsight Security DNSDB server, based on the IP Address and other input parameters you have specified. | lookup_ip Investigation |
Search Name Server | Searches and retrieves information about a name server from the Farsight Security DNSDB server, based on the Name Server name and other input parameters you have specified. | domain_details Investigation |
Parameter | Description |
---|---|
Wildcard Type | Type of Wildcard based on which you want to search the Farsight Security DNSDB server. You can choose from the following options: Normal Search, Left Side Wildcard, or Right Side Wildcard. By default, this is set to Normal Search. |
Domain | Name of the Domain that you want to search for and retrieve information from the Farsight Security DNSDB server. |
From | (Optional) Start date and time from when you want to retrieve information about the specified domain from the Farsight Security DNSDB server. |
To | (Optional) End date and time till when you want to retrieve information about the specified domain from the Farsight Security DNSDB server. |
DNS Record Type | Type of DNS record related to the domain if you want to retrieve a specific type of DNS records. By default, this is set to Any. You can choose from the following options: Any, A6, AAAA, AFSDB, CNAME, DNAME, HINFO, ISDN, KX, NAPTR, NXT, MB, MD, MF, MG, MINFO, MR, MX, NS, PTR, PX, RP, RT, SIG, SOA, SRV, TXT, ANY-DNSSEC, DLV, DNSKEY, DS, NSEC, NSEC3, NSEC3PARAM, and RRSIG. |
Max Records | (Optional) Maximum number of records to be retrieved from the Farsight Security DNSDB server. By default, this is set to 100. |
The JSON output contains information about the domain retrieved from the Farsight Security DNSDB server, based on the Domain name and other input parameters you have specified.
Parameter | Description |
---|---|
IP Address | IP address that you want to search for and retrieve information from the Farsight Security DNSDB server. |
From | (Optional) Start date and time from when you want to retrieve information about the specified IP address from the Farsight Security DNSDB server. |
To | (Optional) End date and time till when you want to retrieve information about the specified IP address from the Farsight Security DNSDB server. |
Network Prefix | (Optional) CIDR range. |
Max Records | (Optional) Maximum number of records to be retrieved from the Farsight Security DNSDB server. By default, this is set to 100. |
The JSON output contains information about the IP address retrieved from the Farsight Security DNSDB server, based on the IP address and other input parameters you have specified.
Parameter | Description |
---|---|
Name Server | Name of the Name Server that you want to search for and retrieve information from the Farsight Security DNSDB server. For example, ns5.dnsmadeeasy.com |
From | (Optional) Start date and time from when you want to retrieve information about the specified Name Server from the Farsight Security DNSDB server. |
To | (Optional) End date and time till when you want to retrieve information about the specified Name Server from the Farsight Security DNSDB server. |
DNS Record Type | Type of DNS record related to the Name Server if you want to retrieve a specific type of DNS records. By default, this is set to Any. You can choose from the following options: Any, A6, AAAA, AFSDB, CNAME, DNAME, HINFO, ISDN, KX, NAPTR, NXT, MB, MD, MF, MG, MINFO, MR, MX, NS, PTR, PX, RP, RT, SIG, SOA, SRV, TXT, ANY-DNSSEC, DLV, DNSKEY, DS, NSEC, NSEC3, NSEC3PARAM, and RRSIG. |
Max Records | (Optional) Maximum number of records to be retrieved from the Farsight Security DNSDB server. By default, this is set to 100. |
The JSON output contains information about the Name Server retrieved from the Farsight Security DNSDB server, based on the name of the Name Server and other input parameters you have specified.
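The three operations' inputs, validated and turned into a request path and query parameters, as an added example that is not the connector's own code. It assumes the inputs map onto the DNSDB API v1 `rrset/name`, `rdata/name` and `rdata/ip` lookups with `limit`, `time_first_after` and `time_last_before` time fencing; `clean_name` and `build_lookup` are hypothetical names.

```python
import ipaddress
import re
from datetime import datetime, timezone

# Assumed mapping of the connector inputs onto DNSDB API v1 lookup paths;
# the connector's own request code is not shown in this document.
LABEL = re.compile(r"(?!-)[A-Za-z0-9_-]{1,63}(?<!-)")
RRTYPE = re.compile(r"[A-Z0-9-]{1,16}")

def clean_name(name, wildcard="normal"):
    """Reject names that could alter the URL path, then apply the wildcard type."""
    labels = name.rstrip(".").split(".")
    if len(name) > 253 or not all(LABEL.fullmatch(l) for l in labels):
        raise ValueError(f"invalid DNS name: {name!r}")
    base = ".".join(labels)
    forms = {"normal": base, "left": "*." + base, "right": base + ".*"}
    if wildcard not in forms:
        raise ValueError(f"unknown wildcard type: {wildcard!r}")
    return forms[wildcard]

def build_lookup(kind, value, rrtype="Any", wildcard="normal",
                 prefix=None, start=None, end=None, limit=100):
    """Return (path, params) for a Search Domain, Search IP or Search Name Server call."""
    rrtype = rrtype.upper()
    if not RRTYPE.fullmatch(rrtype):
        raise ValueError(f"invalid record type: {rrtype!r}")
    if kind == "domain":        # records owned by the name
        path = f"/lookup/rrset/name/{clean_name(value, wildcard)}/{rrtype}"
    elif kind == "nameserver":  # records whose rdata is the name server
        path = f"/lookup/rdata/name/{clean_name(value)}/{rrtype}"
    elif kind == "ip":          # DNSDB writes a CIDR prefix as address,length
        if prefix is None:
            target = str(ipaddress.ip_address(value))
        else:
            net = ipaddress.ip_network(f"{value}/{prefix}", strict=False)
            target = f"{net.network_address},{net.prefixlen}"
        path = f"/lookup/rdata/ip/{target}"
    else:
        raise ValueError(f"unknown lookup kind: {kind!r}")
    if int(limit) < 1:
        raise ValueError("limit must be a positive integer")
    params = {"limit": int(limit)}
    if start is not None:       # From: only records first seen after this time
        params["time_first_after"] = int(start.timestamp())
    if end is not None:         # To: only records last seen before this time
        params["time_last_before"] = int(end.timestamp())
    return path, params

# Constructed sample input (timezone-aware, so the epoch value is unambiguous).
SINCE = datetime(2020, 1, 1, tzinfo=timezone.utc)
```

Pass timezone-aware datetimes for `start` and `end`; a naive datetime would be converted using the local time zone of the host running the playbook.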
The Sample-Farsight-Security-DNSDB-1.0.0 playbook collection comes bundled with the Farsight Security DNSDB connector. This playbook collection contains steps that you can use to perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Farsight Security DNSDB connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, since the sample playbook collection gets deleted during connector upgrade and delete.