The Dossier Timeline report provides a comprehensive, one-page report detailing timeline information obtained from domain registration records. The timeline shows major events in the domain registration, including changes in ownership. The sources include WHOIS (real records), PDNS (Passive DNS observed from actual traffic), and various feeds such as SURBL who track Domains when they are new. The Timeline report includes the following information:
- Discovered on: The date the domain as originally detected.
- Expired on: The date the domain registration expires.
- Description: A brief description of where the timeline information was acquired.
- Threat Class: The type, or class, of the threat associated with the domain.
- Threat Property: The threat property associated with the domain.
- Data Provider: The source of information used to populate the timeline.
- Threat Level: The assigned threat level based on domain and threat information
Image: Sample timeline report.
The Dossier Timeline report also contains the following features:
Resources
Click Resources located on the top right-hand side of the Summary page to display a drop-down list containing additional Dossier and TIDE resources.
Resources include the following:
Dossier & TIDE Quick Start Guide
Dossier User Guide
Dossier API Calls Reference
Dossier Source Descriptions
Threat Classification Guide
Add to Custom List
Dossier allows you to perform custom list management. Domains and IP addresses can be added directly to your custom lists through any of Dossier’s reports pages, including the Timeline report page.
Adding a Domain or IP Address to a Custom List in Dossier
To add a domain or IP address to a custom list in Dossier, complete the following:
- From the Cloud Services Portal, click Research -> Dossier.
- Run a Dossier search on the domain name or IP address.
- On the Dossier Timeline report page, click Add to Custom List located at the top, right-hand side of the Action bar.
- On the Add to Custom List page, select what custom list or lists from among the list of available custom lists to add the domain or IP address by clicking the blue arrow Selected column of custom lists, you can click the blue arrow associated with the custom list to remove the domain or IP address from it. associated with the custom list. If you cannot locate the custom list you want to add the domain or IP address to, you can use the search feature to search for the custom list. Alternatively, you can click to add the domain or IP address to all custom lists. If you inadvertently add the domain or IP address, in the
- Once you have added the domain or IP address to your custom list or lists, you can save your configuration by clicking Add.
- You should now see the name of the custom list or lists where the domain or IP address has been added populating the Custom Lists section of the Timeline report page.
Export
Click Export to export the Dossier Report file. You can choose to include any or all of the report sections by placing a check in the box associated with a specific section of the report. You can choose from among the following sections:
- Summary
- Impacted Devices
- Current DNS
- Related Domains
- Related URLs
- Related IPs
- Related File Samples
- Related Contacts
- Reports
- Timeline
- Threat Actor
- MITRE ATT&CK
- WHOIS Record
- Raw Whois
When you have finished selecting what sections of the report to export, click Export in the bottom right-hand corner of the dialogue box. Your report will be exported in PDF format.
Close
Click Close to close the Summary Report page. Closing the Summary Report page returns you to the default Dossier search page.
Click here to return to the main Dossier Threat Indicator Report page.