Today marks a significant milestone in Farsight Security’s partnership with Maltego. Farsight DNSDB, our flagship historical passive DNS database with more than 100 Billion DNS records, is now bundled into all versions of Maltego, including Community Edition (CE), Classic and XL.
Now, more than 500,000 Maltego users have free access to the industry’s gold standard Passive DNS solution, Farsight DNSDB.
Farsight DNSDB Transforms
Farsight DNSDB, the world’s largest passive DNS database, provides an up-to-date snapshot of the changing Internet dating as far back as 2010. Indexed for easy use, Farsight DNSDB enables organizations to submit queries to gain actionable information about past and current use of digital artifacts such as IP addresses and domain names used by cybercriminals.
With Farsight DNSDB, together with Maltego, the popular visual link analysis tool, with its node-based graph, threat hunters, incident responders and other investigators can easily identify patterns and connections among these artifacts for faster, more accurate threat intelligence and response to today’s threats.
The Maltego application comes with threat intelligence plugins called Transforms. Farsight DNSDB Transforms on domains include:
- Hostnames observed within the domain, optionally restricted to A, AAAA, CNAME types
- Observed name servers (NS records) for a domain,
- Observed mail servers (MX records) for a domain
Farsight DNSDB Transforms on hostnames include:
- Domains observed using the hostname as a name server (NS)
- Domains observed using the hostname as a mail server (MX) TXT records observed for the hostname
- SRV records observed for the hostname
- Other hostnames referencing the hostname (e.g. CNAME records)
Additional Farsight DNSDB Transforms include:
- Extracting hostnames from e-mail addresses and URLs
- Finding hostnames which start with a given label “phrase”
- Finding hostnames related to a network address or address range
How It Works
If you are a Maltego user but new to Farsight DNSDB, all you need to do is install the Farsight DNSDB Transform set and immediately utilize the provided limited free queries without installing a Farsight DSNDB API key.
If you are currently both a Farsight DNSDB customer and Maltego user, you should install the Farsight DNSDB Transform set or refresh your existing installation, and enter your existing DNSDB API key into the settings per the instructions below.
The updated Transform set has a new setting button in the Transform details where you enter your Farsight API key. Maltego Classic and XL users will continue to have full functionality. With this change, Maltego CE users will be able to utilize their Farsight DNSDB API Key with the standard Maltego CE response query limit.
To get more DNSDB queries, upgrade to a free trial by clicking the “Buy more” link in the output log window and sign up. When you receive your trial API key by email, go into the Transform settings and enter your API Key.
At any time, a Maltego user can revert to the limited free queries by removing the API key from the settings.
You can find more information on installation, types of pivots and more by visiting our Maltego section under “Integrations.”.
Karen Burke is the Director of Corporate Communications for Farsight Security, Inc.
