Domain Intelligence Cards (aka Domain Cards) provide an on-demand summary of
essential information related to a specific Domain or DNS Names, and are updated
in real time as Recorded Future collects new information. You can use Domain Cards
as a starting point when assessing whether observation of a given Domain in a
specific context is an Indicator of Compromise, and further can be used in security
control rules to block or detect incidents. Domain Cards are also pivot points
during investigations that start with another indicator, a malware tool, a vulnerability,
or a threat actor.
Descriptions of several common components of the Domain Card are available elsewhere, depending on your subscription type:
- Advanced and Core License users can review this Overview of Intelligence Cards
- SecOps Intelligence users can review this Overview of Intelligence Cards
Below are details specific to the Domain Card:
Domain Cards: Parent Domain, Siblings, and DNS Names within a Domain
Similar to the /24 Subnet summary shown in IP Address Cards, Domain Cards present a summary of related Domains and DNS names. For a DNS name within a domain, this summary section includes the parent Domain and sibling DNS names. For a Domain, this summary section includes DNS names within the Domain.
Intelligence Partner Extensions
Extensions are integrations that enhance Domain Cards with content from our Intelligence Partners. Click here to learn more.