This integration uses Farsight Security’s DNSDB solution to interactively lookup rich, historical DNS information – either as playbook tasks or through API calls in the War Room – to access rdata and rrset records.
To set up Farsight Security DNSDB to work with Cortex XSOAR:
User will need DNSDB’s API key and service URL for connecting to the Cortex XSOAR server.
To set up the integration on Cortex XSOAR:
- Go to ‘Settings > Integrations > Servers & Services’
- Locate the DNSDB integration by searching for ‘Farsight DNSDB’ using the search box on the top of the page.
Click ‘Add instance’ to create and configure a new integration. You should configure the following DNSDB and Cortex XSOAR specific settings:
Name : A textual name for the integration instance.
API Key : The API key that user gets from Farsight Security.
DNSDB Service URL : The service URL for Farsight DNSDB.
Use system proxy settings : Select whether or not to communicate via the system proxy server.
Cortex XSOAR engine : If relevant, select the engine that acts as a proxy to the server.
Engines are used when you need to access a remote network segments and there are network devices such as proxies, firewalls, etc. that prevent the Cortex XSOAR server from accessing the remote networks.
For more information on Cortex XSOAR engines see:
- Press the ‘Test’ button to validate connection.
- After completing the test successfully, press the ‘Done’ button.