March 18, 2015 - Jason Trost

Passive DNS Analytic Use Cases in ThreatStream

<p>As mentioned in our <a href="https://www.anomali.com/blog/introduction-to-passive-dns-usage-in-threatstream">previous blog post</a> on passive DNS (PDNS), ThreatStream recently added passive DNS to its Optic™ Platform. Passive DNS is a technique for capturing, storing, and indexing DNS queries and responses to enable forensic search, discovery, and analysis over historic DNS records. It enables analysts to expose relationships between domain names and IP addresses that would be very difficult, if not impossible, to determine otherwise.</p>
<p>In the videos below, we discuss two use cases that outline how passive DNS can be useful for security and forensic investigations of network Indicators of Compromise (IOCs).</p>
<p>Using Passive DNS in ThreatStream to Detect Domain Parking</p>
<p><iframe allowfullscreen="" frameborder="0" height="281" mozallowfullscreen="" src="https://player.vimeo.com/video/122595836" webkitallowfullscreen="" width="500"></iframe></p>
<p>Using Passive DNS in ThreatStream to Detect Dynamic Threats</p>
<p><iframe allowfullscreen="" frameborder="0" height="281" mozallowfullscreen="" src="https://player.vimeo.com/video/122595835" webkitallowfullscreen="" width="500"></iframe></p>
<p>How can this help you? Click <a href="https://ui.threatstream.com/registration/">here</a> to get a free account...</p>
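<p>To make the capture, store, and index idea above concrete, here is an added example (not ThreatStream's code and not part of the original post) of a minimal in-memory passive DNS store with forward and reverse indexes and a domain-to-IP-to-domain pivot. The <code>PassiveDNS</code> class, its method names, and the sample observations are hypothetical and constructed for illustration.</p>

```python
from collections import defaultdict

# Added illustration, not ThreatStream code. Constructed observations:
# (unix_time, rrname, rrtype, rdata) on reserved example names and IP ranges.
OBSERVATIONS = [
    (1426000000, "login.example.com.", "A", "192.0.2.10"),
    (1426003600, "Login.Example.COM.", "A", "192.0.2.10"),
    (1426090000, "login.example.com.", "A", "198.51.100.7"),
    (1426093600, "cdn.example.net.", "A", "192.0.2.10"),
    (1426100000, "mail.example.org.", "A", "203.0.113.5"),
    (1426110000, "cdn.example.net.", "A", "198.51.100.7"),
]


class PassiveDNS:
    def __init__(self, observations=()):
        self.records = {}                 # (rrname, rrtype, rdata) -> stats
        self.by_name = defaultdict(set)   # forward index: rrname -> keys
        self.by_rdata = defaultdict(set)  # reverse index: rdata -> keys
        for obs in observations:
            self.ingest(*obs)

    def ingest(self, ts, rrname, rrtype, rdata):
        # DNS names are case-insensitive; normalize so duplicates collapse.
        key = (rrname.lower().rstrip("."), rrtype.upper(), rdata.lower())
        rec = self.records.setdefault(key, {"first_seen": ts, "last_seen": ts, "count": 0})
        rec["first_seen"] = min(rec["first_seen"], ts)
        rec["last_seen"] = max(rec["last_seen"], ts)
        rec["count"] += 1
        self.by_name[key[0]].add(key)
        self.by_rdata[key[2]].add(key)

    def forward(self, name):
        """Every answer ever seen for a name, oldest first."""
        keys = self.by_name.get(name.lower().rstrip("."), ())
        return sorted(((k[2], self.records[k]) for k in keys), key=lambda x: x[1]["first_seen"])

    def reverse(self, rdata):
        """Every name ever seen resolving to this answer."""
        return sorted(k[0] for k in self.by_rdata.get(rdata.lower(), ()))

    def related(self, name):
        """Pivot name -> its IPs -> other names that shared any of those IPs."""
        out = defaultdict(set)
        for ip, _ in self.forward(name):
            for other in self.reverse(ip):
                if other != name.lower().rstrip("."):
                    out[other].add(ip)
        return {n: sorted(ips) for n, ips in out.items()}
```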
