By Rebecca Köhler
Maltego’s transform hub has grown: We are happy to announce that the Farsight Security DNSDB™ set of tranforms is integrated into Maltego. Farsight DNSDB is the world's largest passive DNS database. It provides a historical view of DNS resolutions worldwide dating back to 2010 and is updated in real-time. Indexed for easy use, DNSDB enables users to gain actionable information about the past and current use of digital artifacts such as IP addresses and domain names used by cybercriminals.
With Maltego and Farsight DNSDB, threat hunters, incident responders and investigators can easily identify patterns and connections among domains and IP addresses. Security teams can now work more efficiently by quickly contextualizing and correlating indicators used in, and associated with, their investigations.
Farsight DNSDB is available on all Maltego solutions for free with limited results. To expand this trial and increase the results from the DNSDB transforms, users can get a DNSDB Trial API Key and insert it into their Maltego platform to utilize DNSDB for 30 days with 100 queries available per day. Current DNSDB API users can simply add their API key to any Maltego solution.
Farsight DNSDB Transforms on domains include:
Farsight DNSDB Transforms on hostnames include:
Additional Farsight DNSDB Transforms include:
If you are a Maltego user but new to the Farsight DNSDB, all you need to do is install the Farsight DNSDB Transform set and immediately utilize the provided limited free queries without installing a Farsight DNSDB API Key.
If you are currently both a Farsight DNSDB customer and Maltego user, you should install the Farsight DNSDB Transform set or refresh your existing installation, and enter your existing DNSDB API Key into the settings per the instructions below.
The updated Transform set has a new setting button in the Transform details where you enter your Farsight API Key. Maltego Classic and XL users will continue to have full functionality. With this change, Maltego CE users will be able to utilize their Farsight DNSDB API Key with the standard Maltego CE response query limit.
To get more DNSDB queries, upgrade to a free trial by clicking the “Buy more” link in the output log window and sign up. When you receive your trial API Key by email, go into the Transform settings and enter your API Key.
At any time, a Maltego user can revert to the limited free queries by removing the API Key from the settings.
You can find more information on installation, types of pivots and more by visiting the Farsight Maltego page- https://www.farsightsecurity.com/maltego/.
For more information on DNSDB please visit https://www.farsightsecurity.com/get-started-guide/.