Dealing With Short Search Terms When Using DNSDB Flexible Search
The initial launch of Farsight Security’s DNSDB® allowed users to search for patterns in passive DNS expressions. Built with ease of use in mind, DNSDB allows security teams to pivot easily from one query to another through over 100 billion DNS records.
With so many DNS records to parse through, the launch of DNSDB 2.0 added Flexible Search, enabling users to quickly cover more ground. But for every term and trademark that returns a moderate and applicable number of results, there are short, common words and acronyms that return superfluous results. While these short or common search strings are technically “matches,” they are, in fact, irrelevant to your search and make the search process more arduous and manual.
This white paper:
- Walks through what can be involved in attempting to find unusually short or common patterns in DNSDB Flexible Search and DNSDB Standard Search, for those who do not wish to use Machine Learning (ML).
- Exposes users to the issues that can arise when working with short or common patterns.
- Explains how to use the DomainTools Reputation API to get a risk score for domain names of interest.