Introduction

After years of development work, DomainTools is happy to announce the release of a new version of Farsight SIE Remote Access (SRA), AXA Version 3. SRA is used by Security Information Exchange (SIE) customers to bring data from SIE to the customer’s location over an encrypted network tunnel. SRA is a convenient solution for most SIE Channels running at 50Mbps or less. This includes some of our most popular channels, such as Newly Observed Domains (NOD) and Newly Observed Hostnames (NOH).

What’s New

First, the old version of SRA will be available on the current/legacy SRA servers, though DomainTools Customer teams will reach out to existing SRA customers regarding a timeline for migration. We recognize that implementing a transition of this sort can require careful planning, staging and validation. SRA customers are encouraged to migrate to the new version of SRA at their earliest convenience, and use of the legacy version of SRA can continue in the interim with the understanding that:

  • The company’s focus has shifted from the old version of SRA to the new version of SRA at this time
  • Future development and bug fix work will be done primarily on the new version
  • SRA customers SHOULD plan to migrate to the new server as soon as operationally convenient for them, and
  • The old version of SRA will eventually be discontinued and those servers will be turned over – but not yet

To help users migrate, an “AXA Migration Overview” guide is available online at

https://www.domaintools.com/wp-content/uploads/AXA-Migration-Overview.pdf

The technical changes coming with AXA version 3 include (per https://github.com/farsightsec/axa/releases/tag/tags%2Fv3.0.1):

  • Authentication now uses an AXA-specific API key credential rather than the former legacy authentication methods.
  • Consistency with DNSDB formatting conventions has been improved. RRnames now include the formal trailing dot and RRtypes are now capitalized, as has been the norm in DNSDB.
  • sratool output is now in standard JSON Lines (JSONL) format only. If you relied on the prior non-standard presentation-like output format used by sratool for data collection or analysis, you will need to update your process to use the new format.
  • The axa config file is now optional.
  • The missed packet display now uses UTC time (instead of local time).
  • Add sratunnel -K kickfile option to allow rotating new output files based on -C packet count, -T elapsed seconds, or -Z file size. 
  • Allow sratunnel -k (kickfile) to work with -i (interval).
  • Add sratunnel -Z option to clamp an output file size.
  • Add sratunnel -T option to stop output after elapsed seconds.
  • Add sratunnel -I option to allow non-TLS (insecure mode) for API key method.
  • The -S certs option has been removed.
  • The axa_tsindextool utility has been removed.
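
The trailing-dot and capitalization changes can silently break watchlists that were written in the older style, because an exact string comparison no longer matches. The following is an added example, not code from DomainTools or the AXA project, that normalizes both sides to the new convention before matching. The JSON keys `rrname` and `rrtype`, the function names and all sample records are assumptions constructed for illustration; check them against the actual sratool output.

```python
import json

# Constructed sample data (not real SIE output). Key names are assumptions.
LEGACY_WATCHLIST = ["Example.com", "bad.example.net"]   # old style: no trailing dot
SAMPLE_JSONL = [
    '{"rrname": "www.example.com.", "rrtype": "A"}',
    '{"rrname": "mail.example.org.", "rrtype": "MX"}',
    '{"rrname": "bad.example.net.", "rrtype": "AAAA"}',
    '{"rrname": "notexample.com.", "rrtype": "A"}',
    'not json',
]

def canon_rrname(name):
    """Lower-case and end with exactly one dot (root stays ".")."""
    return name.strip().lower().rstrip(".") + "."

def canon_rrtype(rrtype):
    """Upper-case the record type, e.g. "aaaa" -> "AAAA"."""
    return rrtype.strip().upper()

def load_watchlist(entries):
    """Convert a legacy watchlist to the trailing-dot convention."""
    return {canon_rrname(e) for e in entries if e.strip()}

def on_watchlist(rrname, watchlist):
    """True if rrname equals, or is a subdomain of, a watchlist entry.
    Matching is on label boundaries, so notexample.com != example.com."""
    labels = canon_rrname(rrname).rstrip(".").split(".")
    return any(".".join(labels[i:]) + "." in watchlist for i in range(len(labels)))

def match_lines(jsonl_lines, watchlist, rrtypes=("A", "AAAA")):
    """Return (rrname, rrtype) pairs for watched names of the wanted types."""
    wanted = {canon_rrtype(t) for t in rrtypes}
    hits = []
    for line in jsonl_lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed or blank lines instead of aborting the stream
        if not isinstance(rec, dict):
            continue
        name, rtype = rec.get("rrname"), rec.get("rrtype")
        if not isinstance(name, str) or not isinstance(rtype, str):
            continue
        if canon_rrtype(rtype) in wanted and on_watchlist(name, watchlist):
            hits.append((canon_rrname(name), canon_rrtype(rtype)))
    return hits

if __name__ == "__main__":
    print(match_lines(SAMPLE_JSONL, load_watchlist(LEGACY_WATCHLIST)))
```

Normalizing both the watchlist and the incoming records means the same matcher keeps working on records in either convention during the migration period.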

Conclusion

There are many different ways to pull real-time data from various SIE channels to support your local processes and workflows. Our latest version of SRA, AXA Version 3, provides many new features and upgrades to ensure a fast, reliable, secure way to stream data from SIE channels to help develop new intelligence insights, or even power new products or services.

This new version of SRA is available now from our GitHub repositories at https://github.com/farsightsec/axa/releases. This includes full source code, as well as Debian packages.

We think you’ll find the new version of SIE Remote Access fun and exciting to use! 

If you have any questions or concerns, please feel free to contact us at [email protected]