WildFire DNS History for Domains, URLs, and IP Addresses

When you search for a domain, URL, or IP address, you can now view an active DNS history from WildFire® (in addition to related URLs from PAN-DB and passive DNS history). The WildFire DNS history is a log of DNS activity collected from all WildFire submissions that contain instances of the domain, URL, or IP address. Review the WildFire DNS history to assess whether the domain, URL, or IP address is associated with malicious activity.
  1. Start an AutoFocus™ search for a domain, URL, or IP address.
    If you are viewing a domain, URL, or IP address in the File Analysis details for a sample, you don’t have to add it to a new search; you can simply click the drop-down next to it, select Domain and URL info, and skip to Step 3.
  2. Click the target icon or the search result listed in Domain, URL & IP Address Information.
  3. Notice the new WildFire DNS History section, which lists domain to IP address mappings. The mappings are based on all samples that launched a request to connect to a domain during WildFire analysis. Find matches to the domain, URL, or IP address you searched for in the Request and Response columns.
    • Request—The domain to which the sample attempted to connect.
    • Response—The domain or IP address mapped to the domain Request.
    • Type—The DNS record type, which describes the file that was used to map the domain Request to the IP address or domain Response. For example, an A record type maps a domain to an IP address, while a CNAME record type maps a domain to another “alias” domain.
    • First Seen—The date and time that WildFire first detected the Request, Response, and DNS record Type.
    • Last Seen—The most recent date and time that WildFire detected the Request, Response, and DNS record Type.
  4. Next step: Learn more about domain, URL, and IP address information.
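
The review in Step 3 can also be done on the rows as data. The following is an added example, not part of the original page or of AutoFocus: it matches an indicator against the Request and Response columns, follows a CNAME row to its A record, and lists the requests that mapped to the same IP address while the searched domain was seen. The Row layout, timestamp format, function names, and sample rows are assumptions constructed for illustration.

```python
from collections import namedtuple
from datetime import datetime

# Constructed sample rows (reserved .example names, documentation IP range);
# the field names mirror the WildFire DNS History columns. The export shape is assumed.
Row = namedtuple("Row", "request response type first_seen last_seen")
ROWS = [
    Row("cdn.bad.example", "edge.host.example", "CNAME", "2017-03-01 10:00", "2017-03-20 08:30"),
    Row("edge.host.example", "203.0.113.7", "A", "2017-03-02 11:15", "2017-03-21 09:00"),
    Row("Login.Other.example.", "203.0.113.7", "A", "2017-03-10 00:00", "2017-03-12 00:00"),
    Row("old.other.example", "203.0.113.7", "A", "2016-01-01 00:00", "2016-01-05 00:00"),
]

def norm(name):
    """Lower-case and drop the trailing root dot so comparisons are stable."""
    return name.strip().lower().rstrip(".")

def ts(value):
    return datetime.strptime(value, "%Y-%m-%d %H:%M")

def matches(rows, indicator):
    """Rows where the indicator appears in the Request or Response column."""
    key = norm(indicator)
    return [r for r in rows if key in (norm(r.request), norm(r.response))]

def resolve(rows, domain):
    """Follow CNAME rows down to A/AAAA responses; `seen` stops alias loops."""
    todo, seen, ips = [norm(domain)], set(), set()
    while todo:
        name = todo.pop()
        if name in seen:
            continue
        seen.add(name)
        for r in (r for r in rows if norm(r.request) == name):
            if r.type == "CNAME":
                todo.append(norm(r.response))
            elif r.type in ("A", "AAAA"):
                ips.add(norm(r.response))
    return sorted(ips)

def same_ip_requests(rows, domain):
    """Request names mapped to the domain's IPs while the domain itself was seen."""
    ips, own = set(resolve(rows, domain)), matches(rows, domain)
    if not own:
        return []
    start = min(ts(r.first_seen) for r in own)
    end = max(ts(r.last_seen) for r in own)
    return sorted({norm(r.request) for r in rows if norm(r.response) in ips
                   and ts(r.first_seen) <= end and ts(r.last_seen) >= start})
```

Comparing First Seen and Last Seen ranges keeps a mapping that ended long before the searched domain appeared (the 2016 row in the sample) out of the result.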
