Understanding when a DNS record was resolvable provides valuable information about the timeline of a potential threat, and can help identify patterns and connections between different domains and IP addresses.
For example, if multiple domains or IP addresses were resolvable during the same period, it may be an indication of coordinated activity or a shared infrastructure used by multiple threat actors.
Security teams can use a Silent Push PADNS resolve check to determine when a particular domain or IP address was active and potentially associated with malicious activity.
This information can then be used to track the chronological progress of a potential threat and to identify any related domains or IP addresses that were active during the same period.
- Navigate to Advanced Query Builder > Xperimental Queries > PADNS Resolve Dates
- Specify a DNS record type:
  - A
  - AAAA
  - CNAME
  - MX
  - NS
  - SOA
  - TXT
- Specify a domain
- Click Search
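The overlap analysis described in the introduction, as an added example (not Silent Push code): given resolve dates collected for several domains, it lists the pairs that were resolvable during the same period and flags those that also returned the same answer. The record layout, field names, domains, addresses and dates are constructed for illustration and are not a Silent Push export format.

```python
from datetime import date
from itertools import combinations
from typing import NamedTuple


class Resolution(NamedTuple):
    """One resolve window (hypothetical layout, assumed for this example)."""
    domain: str
    rtype: str
    answer: str
    first_seen: date
    last_seen: date


# Constructed sample data using reserved documentation names and addresses.
RECORDS = [
    Resolution("login-portal.example", "A", "192.0.2.10", date(2023, 3, 1), date(2023, 3, 20)),
    Resolution("secure-update.example", "A", "192.0.2.10", date(2023, 3, 15), date(2023, 4, 2)),
    Resolution("cdn-assets.example", "A", "198.51.100.7", date(2023, 3, 18), date(2023, 3, 25)),
    Resolution("old-campaign.example", "A", "192.0.2.10", date(2022, 11, 1), date(2022, 12, 1)),
]


def overlapping_windows(records, min_days=1):
    """Return domain pairs whose resolve windows overlap by at least min_days.

    Each result is (domain_a, domain_b, overlap_start, overlap_end, same_answer).
    Pairs that also share an answer sort first: resolving to the same address
    at the same time is the stronger hint of shared infrastructure.
    """
    results = []
    for a, b in combinations(records, 2):
        if a.domain == b.domain or a.rtype != b.rtype:
            continue  # only compare different domains with the same record type
        start = max(a.first_seen, b.first_seen)
        end = min(a.last_seen, b.last_seen)
        if (end - start).days + 1 >= min_days:  # inclusive day count
            results.append((a.domain, b.domain, start, end, a.answer == b.answer))
    results.sort(key=lambda r: (not r[4], r[2], r[0], r[1]))
    return results


if __name__ == "__main__":
    for dom_a, dom_b, start, end, same in overlapping_windows(RECORDS):
        tag = "same answer" if same else "different answer"
        print(f"{dom_a} <-> {dom_b}: {start} to {end} ({tag})")
```

Raising `min_days` filters out brief, possibly coincidental overlaps; an overlap on its own is a lead to investigate, not proof of a link.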
Saving queries
Organizational users can save individual queries run from Advanced Query Builder and store them in the Private Queries menu for future analysis, or to share with their organization.
- Specify the query parameters
- Click Save Query
- Give your query a Name
- Specify a Description to add more context
- Click Save