How to Use Historical Passive DNS for Defense Investigations and Risk Assessments



While there is value in real-time DNS data, passive DNS offers a wealth of historical DNS records analysts can use to gain valuable insight into changes over time. These changes provide the key context needed to identify risks and respond to security threats. In this webcast, SANS analyst Dave Shackleford reviews Farsight Security's Passive DNS Database (DNSDB), a passive DNS data service designed to help investigators enhance the efficiency and effectiveness of their threat hunting investigations and take action on threats.

 

By walking through five timely and relevant use cases, Shackleford puts DNSDB to the test and shares his experiences using the DNSDB service to:

  • Install and use DNSDB Scout, a comprehensive dashboard which enables users to create DNSDB queries from a web browser.
  • Create both simple keyword searches and regular expression searches using Flexible Search and the DNSDB command line.
  • Apply time fencing, sorting, and other parameters to limit query results to just the data you want.
  • Use the context of search results to lower the risks of incidents, such as phishing and malware infections, and improve mail defense.
  • Evaluate exposure of third-party vendors and identify their customer base as part of procurement.

Register today and be among the first to receive the associated whitepaper written by Dave Shackleford.

Relevant Government Agencies

Other Federal Agencies, Federal Government, State & Local Government


Event Type
Webcast


This event has no exhibitor/sponsor opportunities


When
Wed, Apr 21, 2021, 10:30am ET


Cost
Complimentary: $0.00




Organizer
SANS Institute

