Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 6 Next »

The Dossier Timeline report provides comprehensive domain registration information, including ownership changes and threat classifications.

  • The report includes details about major events such as discovered date, expiration date, description of timeline sources, threat class, and data provider. The timeline also offers features like accessing additional resources and adding domains or IP addresses to custom lists.
  • Users can export the Dossier Report file with customizable sections in PDF format.

The Timeline report includes the following information:

  • Discovered on: The date the domain as originally detected.
  • Expired on: The date the domain registration expires.
  • Description: A brief description of where the timeline information was acquired. The description includes the indicator source and the feed where it was detected. 
  • Threat Class: The type, or class, of the threat associated with the domain. 
  • Threat Property: The threat property associated with the domain. 
  • Data Provider: The source of information used to populate the timeline.  
  • Threat Level: The assigned threat level based on domain and threat information
  • Confidence: The confidence level assigned to the indicator based on threat information.  

Image: A sample Timeline report screen. 


The Dossier Timeline report also contains the following features:

Search Field

The search field is located at the top of the page and is used to search for threat indicators. You can run a search based on domain name, IP address, hostname, URL, email, or hash value. 

Resources

Click Resources located on the top right-hand side of the Summary page to display a drop-down list of additional Dossier and TIDE resources.

Dossier resources include the following: 

  • Dossier & TIDE Quick Start Guide
  • Dossier API Calls Reference
  • Dossier Source Descriptions
  • Dossier User Guide
  • Threat Classification Guide

Task Navigation Menu

Click on one of the icons to perform a task.

You can do the following, by clicking on the appropriate icon:

Reload Page

Click  to reload the Timeline Report page. 

Add to Custom List 

To add a domain or IP address, complete the following:

  1. On the Dossier Timeline report page, click  located at the top, right-hand side of the Action bar.
  2. On the Add to Custom List page, select what custom list or lists from among the list of available custom lists to add the domain or IP address by clicking the blue arrowassociated with the custom list. If you cannot locate the custom list you want to add the domain or IP address to, you can use the search feature to search for the custom list. Alternatively, you can clickto add the domain or IP address to all custom lists. If you inadvertently add the domain or IP address, in the Selected column of custom lists, you can click the blue arrow associated with the custom list to remove the domain or IP address from it.
  3. Once you have added the domain or IP address to your custom list or lists, you can save your configuration by clicking Add.
  4. You should now see the name of the custom list or lists where the domain or IP address has been added populating the Custom Lists section of the Timeline report page.

For information on custom lists, see Creating Custom Lists.  

Generate API Request


Click  to generate an API request. A pop-up window populated with the API information will be displayed.


Copy the information from the pop-up window. Click Full API Guide to view the Swagger Dossier API documentation. Click Close to close the window.

Feedback on Results


Click  to load a webform where you can provide comments and feedback on results you obtained from Dossier. For details, see Dossier Threat Research Feedback.

Export

Click  to export the Dossier Report file. You can choose to include any or all of the report sections by placing a check in the box associated with a specific section of the report. You can choose from among the following sections:

  • Summary
  • Impacted Devices
  • Current DNS
  • Related Domains
  • Related URLs
  • Related IPs
  • Related File Samples
  • Related Contacts
  • Reports
  • Timeline
  • Threat Actor
  • MITRE ATT&CK
  • WHOIS Record
  • Raw Whois

When you have finished selecting what sections of the report to export, click Export in the bottom right-hand corner of the dialogue box. Your report will be exported in PDF format. 


You can also do the following on the page: 

  • Background TasksClick  to open the side panel to view a list of all running background tasks. 

  • Global Search: Click in the Search text box, then enter your search criterion. Alternatively, select the criterion if it appears under Recent Searches, which shows tool information, console messages, and other information used in recent searches. The Cloud Services Portal will show all records that match the search criterion. 

Click here to return to the main Dossier Threat Indicator Report page.



  • No labels