WildFire DNS History for Domains, URLs, and IP Addresses
Table of Contents
WildFire DNS History for Domains, URLs, and IP Addresses
When you search for a domain, URL, or IP address,
you can now view an active DNS history from WildFire® (in addition
to related URLs from PAN-DB and passive DNS history). The WildFire
DNS history is a log of DNS activity collected from all WildFire
submissions that contain instances of the domain, URL, or IP address.
Review the WildFire DNS history to assess whether the domain, URL,
or IP address is associated with malicious activity.
- Start an AutoFocus™ search for a domain, URL, or IP address.If you are viewing a domain, URL, or IP address in the File Analysis details for a sample, you don’t have to add it to a new search; you can simply click the drop-down next to it, selectDomain and URL info, and skip to Step 3.
- Click the target icon or the search result listed inDomain, URL & IP Address Information.
- Notice the newWildFire DNS Historysection, which lists domain to IP address mappings. The mappings are based on all samples that launched a request to connect to a domain during WildFire analysis. Find matches to the domain, URL, or IP address you searched for in theRequestandResponsecolumns.
- Request—The domain to which the sample attempted to connect.
- Response—The domain or IP address mapped to the domainRequest.
- Type—The DNS record type, which describes the file that was used to map the domainRequestto the IP address or domainResponse. For example, an A record type maps a domain to an IP address, while a CNAME record type maps a domain to another “alias” domain.
- First Seen—The date and time that WildFire first detected theRequest,Response, and DNS recordType.
- Last Seen—The most recent date and time that WildFire detected theRequest,Response, and DNS recordType.
- Next step:Learn more about domain, URL, and IP address information.