Farsight DNSDB

farsight dnsdb is a passive dns database that enables detailed analysis of dns records for security purposes farsight dnsdb is a comprehensive dns intelligence platform that provides real time and historical dns data this connector allows swimlane turbine users to perform forward and inverse dns lookups, retrieve summaries of dns records, and monitor api rate limits by integrating farsight dnsdb with swimlane turbine, users can enhance their security automation workflows with enriched dns data, enabling more effective threat detection and response dnsdb is a database that stores and indexes both the passive dns data available via farsight security’s security information exchange as well as the authoritative dns data that various zone operators make available prerequisites before you can use the farsight dnsdb connector for turbine, you'll need access to the farsight dnsdb api this requires the following an api key authentication using the following parameter api key a unique key provided by farsight dnsdb to authenticate api requests capabilities this connector provides the following capabilities lookup rdata lookup rrset rate limit summarize rdata summarize rrset notes api documentation link https //www domaintools com/resources/user guides/farsight dnsdb api version 2 documentation/python sdk https //pypi org/project/dnsdb2/ additional documentation farsight dnsdb connector documentation https //docs swimlane com/connectors/farsight dnsdbfarsight dnsdb api documentation https //www domaintools com/resources/user guides/farsight dnsdb api version 2 documentation/ configurations dnsdb asset authenticate using api key configuration parameters parameter description type required apikey api key for authentication string required verify ssl verify ssl certificate boolean optional http proxy a proxy to route requests through string optional actions lookup rdata perform an inverse lookup in farsight dnsdb's rdata index using specified type, value, and ignore limited parameters to query based on rdata record values input argument name type required description type string required type of the resource value string required value for the parameter ignore limited boolean required manually suppresses querylimited exceptions raised by the server if the query results exceed the row limited rrtype string optional type of the resource limit number optional parameter for lookup rdata time first before number optional parameter for lookup rdata time last before number optional parameter for lookup rdata time first after number optional parameter for lookup rdata time last after number optional parameter for lookup rdata aggr boolean optional parameter for lookup rdata offset number optional parameter for lookup rdata input example {"type" "ip","value" "8 8 8 8","ignore limited"\ true,"rrtype" "a","limit" 50,"time first before" 1620000000,"time last before" 1620000000,"time first after" 1620000000,"time last after" 1620000000,"aggr"\ true,"offset" 100} output parameter type description status code number http status code of the response reason string response reason phrase output example {"status code" 200,"reason" "ok","response headers" {},"json body" \[{"count" 5,"time first" 1706649024,"time last" 1710882816,"rrname" "identity msbe cie ac ","rrtype" "a","rdata" \["8 8 8 8"]},{"count" 2,"time first" 1598818650,"time last" 1598818650,"rrname" "dmn ac ","rrtype" "a","rdata" \["8 8 8 8"]},{"count" 38,"time first" 1620106630,"time last" 1620119528,"rrname" "lee ac ","rrtype" "a","rdata" \["8 8 8 8"]}]} lookup rrset perform a forward lookup in farsight dnsdb's rrset index using the owner name of an rrset requires type and ignore limited inputs input argument name type required description owner name string optional name of the resource rrtype string optional type of the resource ignore limited boolean required manually suppresses querylimited exceptions raised by the server if the query results exceed the row limited bailiwick string optional parameter for lookup rrset limit number optional parameter for lookup rrset time first before number optional parameter for lookup rrset time last before number optional parameter for lookup rrset time first after number optional parameter for lookup rrset time last after number optional parameter for lookup rrset aggr boolean optional parameter for lookup rrset offset number optional parameter for lookup rrset input example {"owner name" "swimlane com","rrtype" "a","ignore limited"\ true,"bailiwick" "com","limit" 50,"time first before" 1620000000,"time last before" 1620000000,"time first after" 1620000000,"time last after" 1620000000,"aggr"\ true,"offset" 0} output parameter type description status code number http status code of the response reason string response reason phrase output example {"status code" 200,"reason" "ok","response headers" {},"json body" \[{"count" 59,"time first" 1410402569,"time last" 1418156730,"rrname" "swimlane com ","rrtype" "a","bailiwick" "swimlane com ","rdata" \["50 62 69 1"]},{"count" 7362,"time first" 1425951270,"time last" 1456509794,"rrname" "swimlane com ","rrtype" "a","bailiwick" "swimlane com ","rdata" \["50 116 22 188"]},{"count" 1535,"time first" 1418257869,"time last" 1425945579,"rrname" "swimlane com ","rrtype" "a","bailiwick" "swimlane com ","r rate limit retrieve the current api rate limits for farsight dnsdb to monitor usage and ensure compliance with access policies output parameter type description rate object output field rate rate limit number output field rate limit rate reset number output field rate reset rate offset max number output field rate offset max rate results max number result of the operation rate remaining number output field rate remaining output example {"json body" {"rate" {"limit" 100,"reset" 1710979200,"offset max" 3000000,"results max" 1000000,"remaining" 94}}} summarize rdata retrieve a summary of rdata using the farsight dnsdb api in json format requires type and value as inputs input argument name type required description type string required type of the resource value string required value for the parameter rrtype string optional type of the resource limit number optional parameter for summarize rdata time first before number optional parameter for summarize rdata time last before number optional parameter for summarize rdata time first after number optional parameter for summarize rdata time last after number optional parameter for summarize rdata aggr boolean optional parameter for summarize rdata max count number optional count value input example {"type" "name","value" "swimlane com","rrtype" "a","limit" 50,"time first before" 1620000000,"time last before" 1620000000,"time first after" 1620000000,"time last after" 1620000000,"aggr"\ true,"max count" 1000} output parameter type description status code number http status code of the response reason string response reason phrase output example {"status code" 200,"reason" "ok","response headers" {},"json body" \[{"count" 20,"num results" 1,"time first" 1411929062,"time last" 1417555530}]} summarize rrset summarize resource record sets in farsight dnsdb using the json format requires owner name as input endpoint url /dnsdb/v2/summarize/rrset method get input argument name type required description owner name string required name of the resource rrtype string optional type of the resource bailiwick string optional parameter for summarize rrset limit number optional parameter for summarize rrset time first before number optional parameter for summarize rrset time last before number optional parameter for summarize rrset time first after number optional parameter for summarize rrset time last after number optional parameter for summarize rrset aggr boolean optional parameter for summarize rrset max count number optional count value input example {"owner name" "swimlane com","rrtype" "a","bailiwick" "com","limit" 50,"time first before" 1620000000,"time last before" 1620000000,"time first after" 1620000000,"time last after" 1620000000,"aggr"\ true,"max count" 1000} output parameter type description status code number http status code of the response reason string response reason phrase output example {"status code" 200,"reason" "ok","response headers" {},"json body" \[{"count" 741872,"num results" 306,"time first" 1283175634,"time last" 1710907196,"zone time first" 1272125541,"zone time last" 1710802220}]} response headers header description example content type the media type of the resource application/json date the date and time at which the message was originated thu, 01 jan 2024 00 00 00 gmt