This site hosts the public documentation for the different products offered by Farsight Security. Farsight Security provides the world’s largest real-time actionable threat intelligence on how the Internet is changing. Leveraging proprietary technology purpose-built to manage volumes of data and real-time analysis, Farsight observes over 200,000 DNS resolutions per second.

We provide security teams with the Internet’s view of an organization’s web presence and how it’s changing; whether it’s done intentionally, inadvertently, or maliciously.

These products include:

Advanced Exchange Access (AXA)

Farsight’s Advanced Exchange Access (AXA) is a suite of tools and library code that implements a transport protocol to bring SIE channel data to the user via connection systems like SIE Remote Access or the AXAMD (AXA Middleware Daemon).

DNSDB

DNSDB is a Passive DNS (pDNS) historical database that provides a unique, fact-based, multifaceted view of the configuration of the global Internet infrastructure DNSDB leverages the richness of Farsight’s Security Information Exchange (SIE) data-sharing platform and is engineered and operated by leading DNS experts. To learn more about DNSDB, please see https://www.farsightsecurity.com/solutions/dnsdb/.

DNSDB is a database that stores and indexes both the passive DNS data available via Farsight Security’s Security Information Exchange as well as the authoritative DNS data that various zone operators make available.

DNSDB makes it easy to search for individual DNS RRsets and provides additional metadata for search results such as first seen and last seen timestamps as well as the DNS bailiwick associated with an RRset. DNSDB also has the ability to perform inverse or rdata searches.

The original DNSDB provides our Standard Search capabilities and is accessed with DNSDB API Version 1.DNSDB 2.0 is an evolution of DNSDB Standard search capabilities and is accessed with DNSDB API Version 2.

DNSDB Flexible Search is an extension to DNSDB 2.0 that add ways to flexibly search DNSDB by regular expressions and globs (aka wildcarding). It is accessed with the Flex API extensions to the DNSDB APIv2.

These pages describe the data available from DNSDB and how to make bulk, automated DNSDB Standard Search and Flexible Search queries via the RESTful APIs.

Flexible Search support is part of DNSDB 2.0 and adds both Regular Expressions and Globbing syntaxes for more granular and accurate search results. To learn more about Flexible Search, please see Introducing DNSDB 2.0.

DNSDB Export

DNSDB Export is an on premises version of the DNSDB API server, allowing customers who need maximum performance and privacy to host their own instance of DNSDB so that none of their data or activity is visible on the wider internet.

DNSDB Plus

DNSDB Plus provides access to a set of data not normally available in the standard DNSDB product. This data covers a collection of highly volatile short-lived and often single use data generated by services like Content Delivery Networks (CDNs). These records have little or no long-term value to investigators and so are filtered from the DNSDB database to manage data storage and query record sizes.

DNSDB Plus is available to DNSDB Unlimited customers who need to investigate this type of DNS activity. DNSDB Plus is offered via the same API, tools and API key used by your current subscription.

DNSDB Scout

DNSDB Scout is a GUI for the DNSDB API within the Google Chrome and Mozilla Firefox browsers or available as a Web Edition. Wish scout, you can work with the DNSDB database from within a browser to do things such as keep a local cash of queries you’ve made, track your API key usage, query the database using time fencing to narrow the search to specific times of interest, and output data for further analysis in multiple formats, including JSON, CSV and Plaintext.

NMSG

NMSG is an adaptable container format that allows for consistent or variable message types. NMSG container data may be streamed to a file or transmitted as UDP datagrams. NMSG containers can contain multiple NMSG messages or a fragment of a message too large to fit in a single container. The data in an NMSG container can also be compressed. Additional capabilities include sequencing and rate-limiting. NMSG is available for the application programmer as a C library called libnmsg. The library offers a complete API for the programmer to build NMSG-capable applications and configure, tune, and/or tweak its many options and features. There is also support for Python and Perl.

Newly Observed Domains/Hostnames (NOD/NOH)

Farsight Security Inc.’s Newly Observed Domains (NOD) and Newly Observed Hostnames (NOH) provides security teams with real-time actionable information based on the age of domain names. By using these data sets, subscribers can block spam and malware from newly observed domains until security providers have an opportunity to catch up.

Security Information Exchange

The Security Information Exchange (SIE) is a scalable and adaptable real-time data streaming and information sharing platform. SIE collects and provides access to more than 200,000 observations per-second of raw data from its global sensor network. Farsight also applies unique and proprietary methods for improving usability of the data, directly sharing the refined intelligence with SIE customers and DNSDB, one of the world’s largest passive DNS (pDNS) databases.

The diverse set of data available from SIE includes the following and is relevant and useful for practitioners in various technology roles:

SIE Batch

SIE Batch is a delivery method that gives you access to the SIE data via a RESTful API that can be used to download data as needed. It also has a web-based interface that can be used to define your data sets and download them. With SIE Batch you can select the data sets and time periods of interest to you, download that data and have it available for your analysis.

Third Party Integrations

Farsight partners with cybersecurity firms seeking to utilize the best-of-breed solutions that Farsight Security offers. Through these partnerships, we expand the ways cyber threat analysts utilize our data in threat attribution, legal investigations, threat intelligence analysis, and other highly sensitive applications. Third party integrations are available for a number of platforms, including Anomali, Domaintools, Maltego, IBM’s Resilent tools, and Splunk.