Silent Push's data enrichment service empowers security teams to understand the origin, function, and risk level of observables (Domains, IPv4 addresses, IPv6 addresses, and ASNs) by breaking down their constituent parts (e.g., DNS, on-page content) and analyzing their relationships with the broader Internet. This guide outlines how to access enriched data, details the enrichment categories for each observable type, and highlights key metrics for quick evaluation.
Access Enriched Data
Enrichment provides detailed insights into observables, presenting data in either the Total View screen (for Domains and IPv4 addresses) or the Standard Enrichment screen (for IPv6 addresses and ASNs). The Total View applies multiple queries, scans, pivot options, and proprietary Silent Push functions, while the Standard Enrichment screen organizes data into categories specific to the observable type.
Enrich an Observable
Enter a Domain, IP, or ASN in the search bar.
Press Enter.
Tip: Use the Lookup PADNS option where available to pivot through enriched data elements.
Enrichment Categories
Domain Enrichment Categories
Enriching a domain provides insights across 17 categories and sub-categories, with over 70 individual elements, helping security teams evaluate a domain’s origin, function, and risk level.
Category | Elements | Description |
---|---|---|
Basic Information | ||
Domain Information | User tags, Infratag, FirstSeen, LastSeen, Age, DGA | Tags, infrastructure summary, first/last seen dates, domain age, and DGA likelihood. |
WHOIS Information | Created, Country, City, Address, Email, ZIP Code, Registrar | Registration details for the domain. |
DNS Records | A, AAAA, CNAME, NS, MX, SOA, TXT | Count of DNS records linked to the domain, with a total provided. |
Enriched Attributes | ||
IP Diversity | Host, ASN Diversity, IP Diversity (All), IP Diversity (Groups) | Tracks IPs pointed to over 30 days and ASN changes. |
Nameserver Information | NS Reputation, Nameserver, NS Domain Density, NS Domain Listed | Analyzes nameservers by reputation and domain usage. |
Nameserver Changes | NS Entropy, Number of Changes, Last Change | Tracks changes in nameservers, including frequency and recency. |
Curated Feed History | Curated Feeds History Score, First Seen, Listed Recent, Listed Span, Listed All | Scores and timestamps of domain appearances in trusted threat feeds. |
Custom Attributes | Customer Domain Score, Top Brand Domain Score, Supplier Domain Score | Scores indicating similarity to organizational or supplier domains. |
Scan Data | ||
Certificates | IP, Domains, SHA1, Valid From, Valid Until, Issuer Common Name, Issuer Organization, Scan Date | List of associated certificates (click Show all associated certificates). |
JARM | JARM, Scan Date | JARM fingerprint and scan date. |
Favicon | Favicon md5, Favicon murmur3, Favicon2 md5, Favicon2 murmur3, Favicon2 path, Scan Date | Favicon hashes and paths. |
HTML | Body ssdeep, Body murmur3, Title, Scan Date | HTML content analysis. |
Header | Response, Server, Expires, Content Length, Content Type, Cache Control, IP, Location, Scan Date | HTTP header details. |
Live Threat Feeds | (List of feeds) | Current threat feeds featuring the domain. |
IPv4 Enrichment Categories
Enriching an IPv4 address provides insights across 18 categories and sub-categories, enabling security teams to assess its risk and functionality.
Category | Elements | Description |
---|---|---|
Basic Information | ||
IP Information | Data, User Tags, ASN, AS Name, Subnet, IP Density, IP PTR | ASN, subnet, domain count, and PTR record details |
DNS Records | (List of recent DNS Records) | Recent DNS records with pivot options, total count displayed. |
Associated Certificates | (Search for certificates) | List of certificates associated with the IP (click Search). |
Geo | Continent, Country, Country Code, Is European Union | Geographic data for the IP. |
Enriched Attributes | ||
Curated Feed History | Curated Feeds History Score, First Seen, First Seen Ago, Listed Recent, Listed Recent Ago, Listed Span, Listed All | Scores and timestamps of IP appearances in trusted threat feeds. |
ASN Information | ASN, AS Name, AS Rank, ASN Takedown Reputation, ASN Allocation Age, ASN Allocation Date, ASN Reputation | ASN details, including reputation and takedown responsiveness. |
Subnet Information | Subnet, Subnet Reputation, Subnet Allocation Age, Subnet Allocation Date | Subnet details and reputation. |
Custom Attributes | IP Geo, IP Range | Scores for organizational relevance and IP range matching. |
Scan Data | (Same as Domain: Certificates, JARM, Favicon, HTML, Header) | Detailed scan data (see Domain section for details). |
Live Threat Feeds | (List of feeds) | Current threat feeds featuring the IP. |
IPv6 Enrichment Categories
Enriching an IPv6 address provides insights across 12 categories and sub-categories, tailored to IPv6-specific data.
Category | Elements | Description |
---|---|---|
IPv6 Information | Date, Density, Subnet, SP Risk Score | Domain count, subnet, and overall risk score. |
ASN Information | AS Number, ASN Size, AS Name, Average Density, Max Density, Active IPs, Active Subnets | ASN size, density, and active IP/subnet counts. |
DNS Records | (List of recent DNS records) | Recent DNS records with pivot options; total count displayed. |
ASN Enrichment Categories
Enriching an ASN provides insights into its role in hosting and propagating malicious activity across multiple categories.
Category | Elements | Description |
---|---|---|
ASN Information | AS Number, ASN Size, AS Name, Average Density, Max Density, Active IPs, Active Subnets | ASN size, density, and active IP/subnet counts. |
WHOIS RDAP Data | Copyright Notice, Description, Handle, Expiration Date, Last Changed Date, Registration Date, URL, WHOIS Server | WHOIS registration details |
ASN Takedown Reputation | ASN Takedown Reputation Score, IPs Active, IPs in ASN, IPs with URLs Listed, Number of URLs Listed, Lifetime Avg, Lifetime Max, Lifetime Total | Reputation based on takedown responsiveness. |
ASN Reputation Score | (Ratio of blacklisted IPs) | Ratio of blacklisted IPs in the ASN over 30 days. |
Subnets | Subnet Size, Active IPs, Active Density, Max Density, Density Deviation | Subnet-specific metrics. |
ASN Risk Scores | ASN Takedown Reputation (0-100), ASN Reputation (0-100) | Scores for takedown responsiveness and blacklisted IP ratio. |
Enrichment Highlights
The Highlights section on enrichment pages provides a quick overview of key metrics for Domains, IPv4 addresses, URLs, and ASNs, enabling rapid evaluation of Indicators of Compromise (IoCs). For URLs, highlights display domain-based attributes if the root is a domain, or IP-based attributes if the root is an IP.
Highlight Categories
IP-based Highlights:
ASN Rank
Subnet Reputation
Curated Feeds History Score
IP Density
Open S3 Buckets
Domain-based Highlights:
NS Reputation
NS Entropy
Curated Feeds History Score
ASN Diversity
IP Diversity
Age
Registrar
ASN-based Highlights:
Active IPs
Active Subnets
AS Name
Average Density