March 18, 2015
Jason Trost

Introduction to Passive DNS Usage in ThreatStream

<p>As most seasoned security and forensics analysts know, passive DNS (PDNS) is incredibly useful for discovering new relationships between IP addresses and domain names when researching or triaging a new network Indicator of Compromise (IoC).  Passive DNS is a technique for capturing, storing, and indexing DNS queries and responses to enable forensic search, discovery, and analysis over historic DNS records.  It enables analysts to expose relationships between domain names and IP addresses that would be very difficult if not impossible to determine otherwise.  It often enables analysts to more fully answer these questions:</p><ul><li>What IPs did this domain name point to in the past?  And how did they change?</li><li>What other domains also point to this IP Address?</li><li>What subdomains exist below a certain domain name?</li><li>What domain names are hosted by a given nameserver? </li></ul><p>For these reasons, ThreatStream recently added passive DNS data to its Optic™ platform to improve the analyst experience when researching new threats. This is the first part of a multi-part series outlining why passive DNS is useful and how to use it in ThreatStream&#39;s Optic™ platform. See the video below to learn more.</p><p><strong>Intro to Passive DNS Usage in ThreatStream</strong></p><p><iframe allowfullscreen="" frameborder="0" height="281" mozallowfullscreen="" src="" webkitallowfullscreen="" width="500"></iframe></p><p>How can this help you? Click <a href="">here</a> to get a free account...</p>

Get the Latest Anomali Updates and Cybersecurity News – Straight To Your Inbox

Become a subscriber to the Anomali Newsletter
Receive a monthly summary of our latest threat intelligence content, research, news, events, and more.