App Spotlight: Farsight Security DNSDB—Incorporate DNS intelligence into automated investigations

The App Spotlight series highlights new or recently updated Phantom Apps. Today we’re highlighting the integration between Phantom’s Security Automation and Orchestration (SA&O) platform and the Farsight Security DNSDB threat intelligence solution.

Two of the most popular investigational security actions automated with the Phantom platform are lookup ip, which provides reverse DNS information, and lookup domain, which provides important details about a domain name. With the recent release of the Farsight Security DNSDB app, Farsight subscribers can now use those abstracted Phantom actions to access Farsight’s expansive historical database of DNS intelligence from within their Phantom playbooks.

Phantom playbooks connect your workflow to the new Farsight DNSDB App. You can try out the integration with one of two standard playbooks: the Phishing playbook, which can be used to investigate and remediate phishing emails; and the Investigate playbook, which queries several external reputation and intelligence services to enrich events. You can also leverage the Farsight App from any playbook shared throughout the community or from the custom playbooks you or your team create.

The new Farsight Security DNSDB app for Phantom supports standard Phantom playbooks like the Phishing playbook example shown here.

The investigation of suspicious IP addresses or domains is standard practice in security investigations. Before automation, this task was handled manually and took 20 minutes or more of an analyst’s time per investigation. By leveraging the Phantom Security Automation and Orchestration platform and the Farsight DNSDB App, you can automate this critical task and reduce investigation time to seconds. Through the Phantom App model and automation, Farsight DNSDB now seamlessly integrates with other incident response tasks so that no alert ever goes untouched and investigations can advance quickly and accurately.

About Farsight Security, Inc.
Farsight Security, Inc. provides the world’s largest real-time threat intelligence on changes to the Internet. Leveraging proprietary technology with over 200,000 observations/second, Farsight provides the Internet’s view of an organization and how it is changing purposely, inadvertently or maliciously. For more information on Farsight, please visit https://farsightsecurity.com