The Dossier™ threat indicator research tool offers the following features. Using the Dossier toolset, users may make accurate decisions more quickly and with greater confidence based on the contextual information obtained from a dozen sources simultaneously. Dossier source descriptions are as follows:
- Alexa
Alexa is a global pioneer in the world of analytical insight. Their vast experience means they have developed the most robust and accurate web analytics service. Search results from Alexa provide a ranking from the global Top 1,000,000 Sites list.
- BloxOne
BloxOne is Infoblox’s flagship data collection. Queries are executed against all data within BloxOne and data provider subscriptions.
- Current DNS
Search results from Current DNS provide all the available information about a given hostname from DNS nameservers.
- Global Custom Search
Global Custom Search, or GCS, searches anti-virus analysis pages, malware analysis blogs and other related malware/RCE websites. Global Custom Search is a platform provided by Bing that allows web developers to feature specialized information in web searches, refine and categorize queries, and create customized search engines.
- Geolocation
The geolocation tool plots the identified coordinates on a map, providing city-level accuracy. Other information, including ISP, city, region, latitude/longitude, and country, is also included.
- Google Safe Browsing
Google Safe Browsing, or GSB, is a Google service that enables applications to check URLs against Google’s constantly updated lists of suspected phishing, malware, and unwanted software pages.
- iSIGHT Partners
iSIGHT Partners is the leading provider of global cyber threat intelligence, delivering unparalleled insight into your cyber adversaries, their motives and methods. iSIGHT provides instant reporting on threat actors targeting organizations, plus related Indicators of Compromise (IOCs) to help prioritize relevant threats, speed detection of advanced attacks, and bolster responses to minimize further risk. iSIGHT is available as a separate subscription and is not automatically included with Dossier.
- Passive DNS
Passive DNS is the historical DNS record for hostnames. When searching a hostname, Passive DNS returns all IPs that the hostname has resolved to and those that were caught by the Passive DNS sensors in the previous 12 months. When searching an IP, Passive DNS returns all hostnames that have pointed to that IP. Note that not every DNS change is caught, so some information will be missing.
- Reverse DNS
The Reverse DNS tool performs a reverse DNS lookup of an IP address by searching domain name registry and registrar tables.
- Reverse Whois
DomainTools’ Reverse Whois lookup API allows a lookup in Whois records that contain a string. This is typically used for identifying information like an email address or name. The results can reveal related, registered domains.
- Malware Analysis
A data collection of malicious content detected by an aggregation of antivirus engines and website scanners.
- Whois
DomainTools’ Whois lookup API provides the ownership record for a domain name or IP address with basic registration details, all in a well-structured format that groups together important data.