RiskIQ Newly Observed Domains and Newly Observed Hosts feeds are derived from RiskIQ's DNSIQ passive DNS repository observations. These feeds contain domains and hosts resolving an IP address for the first time in our datasets.
Newly Observed Domains
Domain intelligence providing customers with a list of domains resolving to an IP address for the very first time in our Passive DNS repository since they were registered. RiskIQ provides our Newly Observed Domains feed via S3 with Daily and Hourly ingestion options.
Use Case: Proactive Blocking
- Automated ingestion into proxy or firewall.
- Block domains from 24 hours - 14 days
- Duration depends on org risk profile and posture
- 10,000 - 100,000 domain observations daily
- Hourly and 24-hour roll up
Newly Observed Hosts
Domain intelligence providing customers with a list of hosts resolving to an IP address for the very first time in our Passive DNS repository since they were registered. RiskIQ provides our Newly Observed Hosts feed via S3 with Daily and Hourly ingestion options.
Use Case: Research & Hunting
- Data set too large to push as a blocklist automatically
- Proactively identify threats targeting their brand or to conduct proactive threat hunting
- 100K - 1M observations a day
- 24hr roll up
Comments
0 comments
Article is closed for comments.