Newly Observed Feeds

Newly Observed Feeds

RiskIQ Newly Observed Domains and Newly Observed Hosts feeds are built off of observations in RiskIQ's DNSIQ passive DNS repository.  These lists provide organizations with initial observations when RiskIQ observed a domain or host resolving to an IP address for the very first time in our data set.

Newly Observed Domains

Domain intelligence providing customers with a list of domains resolving to an IP address for the very first time in our Passive DNS repository since registration

Use Case: Proactive Blocking

  • Automated ingestion into proxy or firewall.
  • Block domains from 24 hours - 14 days
  • Duration depends on org risk profile and posture
  • 10,000 - 100,000 domain observations daily
  • Hourly and 24 hour roll up

Newly Observed Hosts

Domain intelligence providing customers with a list of hosts resolving to an IP address for the very first time in our Passive DNS repository since registration.

Use Case: Research & Hunting

  • Data set too large to automatically push as a block list
  • Proactively identify threats targeting their brand or to conduct proactive threat hunting
  • 100K - 1M observations a day
  • 24hr roll up