Farsight DNSDB, together with Maltego and its node-based graph, enables threat hunters, incident responders and other investigators to easily identify patterns and connections associated with cybercrime activities, yielding more accurate threat intelligence and faster response to today’s threats.
Previously, threat hunters needed a known suspicious IP address or domain name to search Farsight DNSDB, the world’s largest passive DNS database, to gain actionable information about past and current use of digital artifacts used by cybercriminals.
While DNSDB Standard Search remains the industry’s favorite DNS intelligence tool, users of the Farsight DNSDB Transforms for Maltego can now use DNSDB Flexible Search capabilities such as simple keyword searches as well as complex partial string searches using regular expressions or file-glob style patterns. In addition, the Transforms have been renamed to be more intuitive and better aligned with Maltego Transform naming conventions.
“Farsight DNSDB Transforms for Maltego combine the unmatched depth and visibility of Farsight’s DNSDB with the industry leading visualization and link-exploration capabilities of Maltego. With the recent addition of Flexible Search to the Farsight DNSDB Transforms for Maltego, this pair becomes a must-have tool for analysts and hunters. Users can leverage the new power of Flexible Search to unlock new aspects of malicious infrastructure or to map the breadth of partner and vendor relationships. This enhances situational awareness for the defenders and leads to shorter dwell-time for an attacker,” said Ben April, Chief Technology Officer for Farsight Security, Inc.
Maltego and Farsight also announced the availability of a new joint case study whitepaper entitled, “SUNBURST: Mapping Malicious Activity Using Farsight Historical Passive DNS.” The case study demonstrates how to combine Maltego’s link analysis capability and Farsight DNSDB’s archive of passive DNS data to retrieve historical domain and IP address data and analyze the potential scope of the SolarWinds compromise.
“The upgrade of the Farsight Transforms in Maltego is great news for a wide range of cybersecurity researchers and analysts. Adding and merging intelligence on threats and network infrastructure into multi-source data analyses becomes more accessible and customizable at the same time. And with our joint effort in providing free data trials, tutorials, documentation and other learning material, it’s easy to get started,” says Philip Mayrhofer, CEO of Maltego.
Pricing & availability
Farsight DNSDB Transforms for Maltego are available for both community and commercial Maltego users with a free trial. You can get started immediately with a limited DNSDB API key or register for a full-usage 30-day free trial for commercial users.
To access the full solution, a Maltego commercial license and a Farsight DNSDB subscription are required.