Domain, URL, and IP Address Information

When searching for a domain, URL, or IP address artifact, the Domain, URL & IP Address Information tab displays information about the artifact from PAN-DB, the global URL database that Palo Alto Networks uses for its URL filtering service. The tab also provides logs of DNS activity from all samples analyzed with WildFire and passive DNS history where AutoFocus detected instances of the artifact. This information can help you assess whether a specific domain, URL, or IP address is associated with suspicious behavior.
Domain, URL, and IP Address Details
search-dns-3.png
dashboard-callout-1.png PAN-DB Categorization
View URLs associated with the domain, URL, or IP address through PAN-DB and the PAN-DB category for each URL.
dashboard-callout-2.png WildFire DNS History
View a log of domain to IP address mappings based on all samples that launched a request to connect to a domain during Wildfire Analysis.
dashboard-callout-3.png Passive DNS History
View a passive history of domain to IP address mappings that contain matches to the artifact your searched for.
  1. Find domain, URL, and IP address information for an artifact.
    Find information for a specific domain, URL, or IP address:
    1. Work with the Search Editor to set up a search with the following types of artifacts:
      Domain
      ,
      URL
      ,
      IP Address
      ,
      DNS Activity
      , or
      APK Embedded URL
      .
    2. Click the target icon or expand the search result listed under the Domain, URL & IP Address Information tab.
      search-dns-2.png
    Find information from the file analysis details for a sample:
    1. Click a sample hash to view sample details.
    2. View the full DNS Activity details for the sample.
    3. Click the drop-down for any domains, URLs, or IP addresses, and select
      Domain and URL info...
      search-dns-4.png
      See Assess AutoFocus Artifacts for details on drilling down in the file analysis details for a sample.
  2. Review the Domain, URL, and IP Address Details for the artifact.
    Find matches to the artifact in the Request and Response columns.
  3. Choose from the following next steps.

Related Documentation