Farsight Labs

About Farsight Labs

About Us

Farsight Labs is an outreach programme from Farsight Security, Inc. to the world's digital defenders including individual contributors from academic, law enforcement, non-profit, for-profit, or private backgrounds. There is no fee for participation, no contract to sign, and no service level guarantee. We want to make the world safer, which we do through our robust commercial services, our Passive DNS network, our Open Source software, and with Farsight Labs.

The apps and services available in Farsight Labs will change over time. Generally these will be technologies that do not fit our usual commercial model, or early-adopter pre-releases of future Farsight Security products and services. Uptime is not guaranteed, and quality may not be assured to our usual standard.

To sign up, visit https://labs.fsi.io/welcome. You can reach the Farsight Labs team by e-mail at labs@farsightsecurity.com.


Farsight Workbench is now available in the Labs shell. Farsight Workbench is a graphical interface that enables users to manage multiple answer sets relating to an investigation, using advanced tools such as iteration, pivots, time-fenced subselections, and combination of results obtained from one or several at-rest data troves, ranging from DNSDB Standard Search (Farsight and SIE Europe) and other third-party passive DNS data, to an enterprise's own data set. Previously a stealth product used by select investigative reporters, threat hunters and security professionals, Farsight Workbench is now available to all Farsight Labs members.
DNSDBFront is now available in the Labs shell. DNSDBFront converts a streaming DNSDB API response into a non-streaming response that Microsoft Excel (and other programs) can understand. DNSDBFront is a proxy that produces JSON Object output from a DNSDB 2.0 ND-JSON query result, which you can use directly within your application. We have also published an OpenAPI 3.0 specification, which enables you to automatically generate clients for DNSDB 2.0. The simplified output format enables you to integrate DNSDB with platforms that do not support ND-JSON or custom encodings. The proxy uses your existing DNSDB API keys to speak to our default API server on your behalf.
Farsight Labs Virtual Starter Kit is now available in the Community Forum. Virtual Starter Kit is a new Virtual Machine Image (VMI) built to assist researchers and investigators by reducing the preparation costs of accessing Farsight DNSDB (our historical Passive DNS database), SIE Batch (Security Information Exchange), SIE Remote, and a robust selection of related open source tools.
Farsight Punycoder is now available in the Labs shell. Farsight Punycoder is a new tool that enables Security Operations Center (SOC) teams, incident responders, threat hunters and other security practitioners to validate, dissect, and bi-directionally convert DNS IDN Punycode. Learn more details about this tool and how it can benefit your security program in our quarterly newsletter, Farsight Observer, published in the Community Forum.
Farsight Security Principal Architect Boris Taratine examines whether there are other candidate domains used for Command & Control (C2) related to the SolarWinds compromise, in addition to those previously reported. Confirming additional C2 “could be an important step towards identifying Indicators of Compromise (IoCs) that were previously unknown.” The new research is available in our Community Forum under the title “SUNBURST: Mapping Malicious Activity Using Farsight Historical Passive DNS (Part II).”
In his new research published today in the Forum, Farsight Security Principal Architect Boris Taratine examines the C2 communications used by the malware in the recent SolarWinds supply chain attack. Visit the Community Forum to learn how you can use passive DNS to uncover related assets using historical records, as well as check the patterns of behaviour going beyond reported IoCs.
The Farsight Labs Community Forum allows digital defenders to discuss details of Farsight tools and share tips and tricks for using DNS Intelligence to improve Internet security. To access this members-only resource, click on the Forum icon in the main Labs shell.
Expander helps digital defenders by automating the generation of regular expressions either through a web interface, the command line, or DNSDB Scout. Regular expressions are a popular and mature way to describe an approximate search term, and Expander can be told which of several keyword variation systems to apply in order to cover the confusing similarities of interest to an investigator or defender. Notably, the regular expressions generated by Expander will also work fine in older tools such as UNIX egrep or Splunk, and not just in DNSDB 2.0 with Flexible Search.
  © Farsight Security, Inc.