ServiceNow: Farsight DNSDB

Introduction

Farsight Security DNSDB is the world's largest DNS intelligence database that provides a unique, fact-based, multifaceted view of the configuration of the global internet infrastructure. DNSDB leverages the richness of Farsight's Security Information Exchange (SIE) data-sharing platform and is engineered and operated by leading DNS experts.

Farsight collects passive DNS data from its global sensor array. It then filters and verifies the DNS transactions before inserting them into the DNSDB, along with ICANN-sponsored zone file access download data. The end result is the highest-quality and most comprehensive DNS intelligence data service of its kind, with more than 100 billion DNS records since 2010.

Installation and configuration

Prerequisites

You need the following to install and configure the Farsight DNSDB integration:

• ServiceNow console and ServiceNow Administrator account
• DomainTools Farsight DNSDB API key
• ServiceNow console with the required dependencies:
  • Security Incident Response
  • Security Integration Framework
  • Security Support Common
  • Security Support Orchestration

Installing the Farsight DNSDB app

Install the Farsight DNSDB integration to make it available on your ServiceNow instance.

Follow the instructions on the ServiceNow "Install a ServiceNow Store application" page.

You can also visit the ServiceNow Store page for Farsight DNSDB.

Activating the Farsight DNSDB app

Follow the instructions on the ServiceNow Activate and configure third-party integrations page.

You will find the Farsight DNSDB integration during the install.

DNSDB threat integration actions

The following actions are available for use in ServiceNow workflows and Flow Designer:

Configuration

Configure the DNSDB API connection settings, including API key and endpoint configuration.

DNSDB Flex

Perform flexible DNS queries using the DNSDB Flex API, which provides advanced query capabilities for complex DNS lookups.

DNSDB RData

Query DNSDB for resource record data (RData). This action returns DNS records based on the resource data, such as IP addresses, mail servers, or other DNS record values.

DNSDB Summarize RData

Retrieve summarized resource record data from DNSDB. This action provides aggregated statistics and counts for RData queries, useful for understanding the scope of DNS infrastructure.

DNSDB RRSet

Query DNSDB for resource record sets (RRSet). This action returns complete DNS record sets based on domain names or other identifiers.

DNSDB Summarize RRSet

Retrieve summarized resource record set data from DNSDB. This action provides aggregated statistics and counts for RRSet queries.

DNSDB Rate Limit

Check the current rate limit status for your DNSDB API quota. This action helps you monitor API usage and avoid exceeding rate limits.

Using DNSDB with other integrations

The Farsight DNSDB integration works seamlessly with other DomainTools integrations for ServiceNow. For example, you can combine DNSDB passive DNS lookups with Iris Investigate domain intelligence to get a comprehensive view of domain infrastructure and history.

See the Iris Investigate integration guide for examples of playbooks that combine both integrations.

References

• Farsight DNSDB ServiceNow Store page
• Activate and configure applications
• Activate ServiceNow Store application