...

  • TYPE: The type of record associated with the threat indicator. DNS record types include the following:
    • IPv4 Address Record (A): The IPv4 Address Record (A) returns a 32-bit IPv4 address, most commonly used to map hostnames to an IP address of the host, but it is also used for hostname DNSBLs, or storing subnet masks in RFC 1101.
    • IPv6 Address Record (AAAA): The IPv6 Address Record (AAAA) returns a 128-bit IPv6 address, most commonly used to map hostnames to an IP address of the host.
    • CNAME: CNAME data is provided from the upstream authoritative server. 
    • Nameserver (NS): The Nameserver (NS) delegates a DNS zone to use the given authoritative name servers.
    • Mail Exchange Record (MX): The Mail Exchange Record maps a domain name to a list of message transfer agents for that domain.
    • Start of Authority Record (SOA): The Start of Authority Record (SOA) specifies authoritative information about a DNS zone, including the primary nameserver, the email of the domain administrator, the domain serial number, and several timers related to refreshing the zone.
    • Text Record (TXT): The Text Record (TXT) was originally for human-readable text in a DNS record. Since the 1990s, however, this record more often carries machine-readable data, such as specified by RFC 1464, opportunistic encryption, Sender Policy Framework, DKIM, DMARC, or DNS-SD.
  • VALUE: The IP address (IPv4 or IPv6), nameserver, mail exchange record, the start of authority record, or text record associated with the DNS record type. Clicking any of the hyperlinked records indicated in light blue under the VALUE column will display the Summary report for the selected VALUE.
  • REVERSE: The reverse DNS record associated with the DNS type record. Clicking any of the hyperlinked records indicated in light blue under the REVERSE column will display the Summary report for the selected reverse DNS record.
  • TTL: The TTL (Time-to-Live) as designated by Infoblox and our data partners.


The Dossier Current DNS report also contains the following features:

Search Field

The search field is located at the top of the page and is used to search for threat indicators. You can run a search based on domain name, IP address, hostname, URL, email, or hash value.

Resources

Click Resources, located on the top right-hand side of the Summary page, to display a drop-down list containing additional Dossier and TIDE resources.

Dossier resources include the following:

  • Dossier & TIDE Quick Start Guide
  • Dossier API Calls Reference
  • Dossier Source Descriptions
  • Dossier User Guide
  • Threat Classification Guide 

Add to Custom List 

Dossier allows you to perform custom list management. Domains and IP addresses can be added directly to your custom lists through any of Dossier’s reports pages, including the Current DNS report page.

...

  • Guide

Reload Page

Click the Reload Page icon to reload the Timeline Report page.

Add to Custom List 

To add a domain or IP address to a custom list in Dossier, complete the following:

  1. From the Cloud Services Portal, click Research -> Dossier.
  2. Run a Dossier search on the domain name or IP address.
  3. On the Dossier Current DNS Timeline report page, click Add to Custom List, located at the top, right-hand side of the Action bar.
  4. On the Add to Custom List page, select the custom list or lists to which you want to add the domain or IP address by clicking the blue arrow associated with each custom list. If you cannot locate the custom list you want, use the search feature to search for it. Alternatively, you can click to add the domain or IP address to all custom lists. If you inadvertently add the domain or IP address to a custom list, click the blue arrow associated with that custom list in the Selected column to remove the domain or IP address from it.
  5. Once you have added the domain or IP address to your custom list or lists, you can save your configuration by clicking Add.
  6. You should now see the name of the custom list or lists where the domain or IP address has been added populating the Custom Lists section of the Current DNS report page.

Export

...

  1.  Timeline report page.

Generate API Request

Click the Generate API Request icon to generate an API request. A pop-up window populated with the API information will be displayed.



Copy the information from the pop-up window. Click Full API Guide to view the Swagger Dossier API documentation. Click Close to close the window.

Feedback on Results


Click the Feedback on Results icon to load a web form where you can provide comments and feedback on results you obtained from Dossier. For details, see Dossier Threat Research Feedback.

Export

Click the Export icon to export the Dossier Report file. You can choose to include any or all of the report sections by placing a check in the box associated with a specific section of the report. You can choose from among the following sections:

...

When you have finished selecting which sections of the report to export, click Export in the bottom right-hand corner of the dialogue box. Your report will be exported in PDF format.

Close

Click Close to close the Summary Report page. Closing the Summary Report page returns you to the default Dossier search page.   


You can also do the following on the page: 

  • Background Tasks: Click the Background Tasks icon to open the side panel to view a list of all running background tasks.

  • Global Search: Click the icon in the Search text box, then enter your search criterion. Alternatively, select the criterion if it appears under Recent Searches, which shows tool information, console messages, and other information used in recent searches. The Cloud Services Portal will show all records that match the search criterion.

Click here to return to the main Dossier Threat Indicator Report page.

...