The Investigation Insights DNS Query integration lets Investigation Insights users run a variety of dig commands directly from Investigation Insights instead of having to run the command on a network. This gives users a quick view of the records for a domain or IP. The integration supports several different query types.
The Investigation Insights DNS Query integration leverages the NodeJS Native DNS library to issue DNS queries to a specified DNS server. The integration allows you to specify what type of query is run. By default, the integration runs an A record query for domains and a PTR (reverse DNS) query for IP addresses.
Examples
Data Overview
Analysts can quickly see the DNS information associated with IPs and domains.
Investigation Insights admins have the ability to specify what data gets returned from a DNS query lookup.
Analysts can look up the following information about an IP or domain:
- A (IPv4)
- AAAA (IPv6)
- TXT (Text Annotations)
- CNAME (Canonical Name Record)
- NS (Name Server)
- MX (Mail Exchange)
- SOA (Start of Authority)
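
The default behaviour described above (A for domains, PTR for IP addresses, sent to a specified DNS server) can be sketched with Node.js's built-in `dns` module. This is an added example, not the integration's own code; the names `planQuery` and `dnsQuery` and the choice of the built-in module are assumptions.

```javascript
const { Resolver } = require('node:dns').promises;
const net = require('node:net');

// Record types listed on this page, plus PTR for reverse lookups.
const SUPPORTED_TYPES = ['A', 'AAAA', 'TXT', 'CNAME', 'NS', 'MX', 'SOA', 'PTR'];

// Decide which query to send. With no explicit type, an IP address gets a
// PTR (reverse) query and anything else is treated as a domain and gets A.
function planQuery(target, requestedType) {
  const name = String(target).trim().replace(/\.$/, '');
  const isIp = net.isIP(name) !== 0;
  const type = (requestedType || (isIp ? 'PTR' : 'A')).toUpperCase();
  if (!SUPPORTED_TYPES.includes(type)) {
    throw new Error(`unsupported record type: ${type}`);
  }
  if (type === 'PTR' && !isIp) {
    throw new Error('PTR queries need an IP address');
  }
  if (type !== 'PTR' && isIp) {
    throw new Error(`${type} queries need a domain name`);
  }
  return { name, type };
}

// Send the planned query to one specific DNS server instead of the system
// resolver. `server` is the IP address of the resolver to ask.
async function dnsQuery(target, { server, type, timeoutMs = 3000 } = {}) {
  const { name, type: rrtype } = planQuery(target, type);
  const resolver = new Resolver({ timeout: timeoutMs, tries: 2 });
  if (server) resolver.setServers([server]);
  const used = resolver.getServers()[0];
  try {
    const answers = rrtype === 'PTR'
      ? await resolver.reverse(name)
      : await resolver.resolve(name, rrtype);
    return { name, type: rrtype, server: used, answers };
  } catch (err) {
    // "No such name" and "no data" are ordinary lookup results for an
    // analyst, so report them as an empty answer set rather than an error.
    if (err.code === 'ENOTFOUND' || err.code === 'ENODATA') {
      return { name, type: rrtype, server: used, answers: [] };
    }
    throw err;
  }
}
```

Because `planQuery` rejects record types outside the list and mismatched type and target combinations before any packet is sent, malformed analyst input never reaches the resolver.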
