Farsight DNSDB for Microsoft Sentinel
Domaintools, LLC
Perform investigative Passive DNS lookup actions on Farsight's DNSDB
Pre-requisites
You will need the following to proceed:
- A Microsoft Power Apps or Power Automate plan that includes the custom connector feature
- An Azure subscription
- A Farsight DNSDB API key
How to get credentials
Contact sales@farsightsecurity.com or apply for a grant here.
Available Actions
With the supported logic apps, an investigator can answer questions such as "where did this domain previously resolve?" or "what other domains share hosting with this domain or IP?" Such information can be extremely valuable when trying to correlate events that otherwise show no relationship to each other. For example, a traffic flow to an IP address that no longer hosts a known-malicious domain, but did at the time of the flow, could indicate harmful activity such as command-and-control callbacks, malware downloader traffic, or other threats. You can check this by running the DNSDB_Historical_Address playbook for domain indicators or the DNSDB_Historical_Hosts playbook for IP indicators. Likewise, if your DNS logs contain lookups for other domains that you know to be co-hosted with a known-bad domain, you may have threat traffic to investigate; the DNSDB_Co_Located_Hosts playbook enables this. If you are enriching an IP address, use the DNSDB_CO_Located_IP_Address playbook to identify the IP addresses co-located with it.
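The pivots described above (historical addresses for a domain, co-located hosts for an IP, and the "was this name pointing at that IP when the traffic happened?" check) can also be made directly against the DNSDB API, which is what the playbooks do under the hood. The following is an added example written for this page; it is not the connector's or Farsight's own code. It assumes the DNSDB API v2 base URL https://api.dnsdb.info/dnsdb/v2, the `X-API-Key` header, and the newline-delimited JSON framing (`{"cond":"begin"}`, one `{"obj":...}` per record, then `succeeded`/`limited`/`failed`); verify those against the current DNSDB documentation before relying on them. The sample responses embedded below are constructed for illustration and use only documentation IP ranges and example domains.

```python
"""Passive DNS pivots against Farsight DNSDB API v2 (added example, not Farsight's code)."""
import json
import urllib.request
from datetime import datetime, timezone
from typing import Iterable, Iterator, List, Tuple

DNSDB_V2 = "https://api.dnsdb.info/dnsdb/v2"  # assumed base URL; check current docs


def lookup_url(kind: str, value: str, rrtype: str = None, limit: int = 100) -> str:
    """Build the query URL. kind='rrset': name -> what it resolved to (Historical_Address pivot).
    kind='rdata_ip': IP -> names that pointed at it (Historical_Hosts / Co_Located_Hosts pivot)."""
    if kind == "rrset":
        path = f"lookup/rrset/name/{value}" + (f"/{rrtype}" if rrtype else "")
    elif kind == "rdata_ip":
        path = f"lookup/rdata/ip/{value}"  # single address only in this example
    else:
        raise ValueError(f"unknown lookup kind: {kind}")
    return f"{DNSDB_V2}/{path}?limit={limit}"


def fetch(url: str, api_key: str) -> Iterator[str]:
    """Stream raw NDJSON lines from DNSDB (network call, not exercised offline)."""
    req = urllib.request.Request(url, headers={"X-API-Key": api_key, "Accept": "application/x-ndjson"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        for raw in resp:
            yield raw.decode("utf-8")


def parse_saf(lines: Iterable[str]) -> Iterator[dict]:
    """Yield result objects from the framed stream; refuse to trust a stream that never finished."""
    finished = False
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        msg = json.loads(raw)
        cond = msg.get("cond")
        if cond == "begin":
            continue
        if cond in ("succeeded", "limited"):  # 'limited' = hit the limit, results still valid
            finished = True
            continue
        if cond == "failed":
            raise RuntimeError(msg.get("msg", "DNSDB query failed"))
        if "obj" in msg:
            yield msg["obj"]
    if not finished:
        raise RuntimeError("DNSDB stream ended without a terminal condition (truncated?)")


def normalize(obj: dict) -> dict:
    """Flatten rrset (list rdata) and rdata (string rdata) results into one record shape.
    Sensor-observed records carry time_first/time_last; zone-file records carry zone_time_*."""
    rdata = obj["rdata"] if isinstance(obj["rdata"], list) else [obj["rdata"]]
    return {
        "rrname": obj["rrname"].rstrip("."),
        "rrtype": obj["rrtype"],
        "rdata": [r.rstrip(".") for r in rdata],
        "first": obj.get("time_first", obj.get("zone_time_first")),
        "last": obj.get("time_last", obj.get("zone_time_last")),
        "count": obj.get("count", 0),
    }


def iso(ts: int) -> str:
    return datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def historical_addresses(records: List[dict]) -> List[Tuple[str, str, str, int]]:
    """Historical_Address view: every address a name resolved to, with its observation window."""
    return [(ip, iso(r["first"]), iso(r["last"]), r["count"])
            for r in records if r["rrtype"] in ("A", "AAAA") for ip in r["rdata"]]


def colocated_hosts(records: List[dict], seed: str) -> List[str]:
    """Co_Located_Hosts view: other names that ever resolved to the pivot IP."""
    return sorted({r["rrname"] for r in records if r["rrname"] != seed.rstrip(".")})


def resolved_at(records: List[dict], ip: str, when: int) -> List[str]:
    """Names whose observed window for `ip` covers the event time `when` (epoch seconds).
    This is the check behind 'the IP was not malicious now, but was it at the time of the flow?'"""
    return sorted(r["rrname"] for r in records if ip in r["rdata"] and r["first"] <= when <= r["last"])


# Constructed sample responses (not real DNSDB data): rrset lookup for cdn.example.net/A ...
RRSET_SAMPLE = """{"cond":"begin"}
{"obj":{"count":42,"time_first":1580515200,"time_last":1585699200,"rrname":"cdn.example.net.","rrtype":"A","bailiwick":"example.net.","rdata":["192.0.2.10"]}}
{"obj":{"count":7,"time_first":1590969600,"time_last":1609459200,"rrname":"cdn.example.net.","rrtype":"A","bailiwick":"example.net.","rdata":["198.51.100.25"]}}
{"cond":"succeeded"}"""
# ... and rdata lookup for 192.0.2.10, cut off by the result limit.
RDATA_SAMPLE = """{"cond":"begin"}
{"obj":{"count":42,"time_first":1580515200,"time_last":1585699200,"rrname":"cdn.example.net.","rrtype":"A","rdata":"192.0.2.10"}}
{"obj":{"count":3,"time_first":1583020800,"time_last":1585699200,"rrname":"update-check.example.org.","rrtype":"A","rdata":"192.0.2.10"}}
{"obj":{"count":1,"zone_time_first":1577836800,"zone_time_last":1583020800,"rrname":"static.example.com.","rrtype":"A","rdata":"192.0.2.10"}}
{"cond":"limited","msg":"Result limit reached"}"""


def load(sample: str) -> List[dict]:
    return [normalize(o) for o in parse_saf(sample.splitlines())]


if __name__ == "__main__":
    print(lookup_url("rrset", "cdn.example.net", "A"))
    for row in historical_addresses(load(RRSET_SAMPLE)):
        print("resolved to", *row)
    hosts = load(RDATA_SAMPLE)
    print("co-located with cdn.example.net:", colocated_hosts(hosts, "cdn.example.net"))
    print("pointing at 192.0.2.10 on 2020-03-12:", resolved_at(hosts, "192.0.2.10", 1584000000))
```

Two points worth noticing when adapting this: a `limited` terminal condition means the result set was cut off, so a co-location pivot on a busy IP should be re-run with a higher `limit` or a narrower time window before concluding that a name is absent; and the `time_first`/`time_last` window is what turns a bare "this name once resolved to that IP" into evidence about a specific flow.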
Support:
For support requests and general queries, contact support@farsightsecurity.com.