Glossary

A

Accuracy

Feed accuracy is based on user feedback regarding the false positives from a threat intelligence feed.

Active IPs

The number of IP addresses seen as active A records in this ASN

Advanced Filter

A feature that allows extended filtering of IoC, via various threat attributes (e.g. custom domain score, ASN reputation).

Age

The number of days since a domain was first seen in the zone files.

Alexa Top 10k rank

Alexa's top 10,000 websites.

Answer

A response received for a DNS query - (rdata).

AS Name

The name of the AS.

AS Number

The number of the AS, allocated by IANA.

ASN Allocation Age

The age of an AS number in days.

ASN Allocation Date

The date an AS Number was assigned by IANA.

ASN Diversity

How often an IP changes between AS numbers.

ASN Rank

A ranking of ASNs seen to host threats listed on feeds, calculated using a weighted formula based on the type of threat observed.

ASN Reputation

The ratio of blacklisted IPs, taken from the total number of IPs that have been observed as being active within an ASN, in the last 30 days.

ASN Takedown Reputation

A reputation score based on the time it takes for the ASN owner to react to takedown requests related to malicious URLs - a higher reputation score indicates the ASN owner is slow to react to takedown requests.

Associated SSH

Bad SSH keys.

Associated SSL

Bad SSL certificates.

C

Collection Management
Allows users to view and enrich various information on saved Collections (e.g. IoC name and type, last seen).
Count on explore
The number of times a query has returned an answer
Count on Sources
The number of observables in feed or collection
Curated Feed History Score
A score based on the frequency and recency of an observable, within trusted feeds.
Custom Attributes
Allows users to calculate a score based on three custom attributes - similarity to domain, supply chain domain, top brands domain.
Customer Domain Score
A score that indicates an observable's similarity to other domains.

D

Data Records
Database entries stored in DNS servers with information on specific domains, such as their IP addresses or instructions on how to handle related DNS queries.

E

Enrich
A real-time lookup that targets WHOIS data, nameserver history, and other publicly available threat information.
Enriched Attributes
Attributes that have benefitted from enriched threat intelligence from the Silent Push platform (e.g. IP diversity, nameserver information, IP density).
Enriched Score
A cumulative score that includes all data and scores from each enriched attribute.
Explore
A feature that allows app users to browse DNS history, and pivot into related infrastructure.

F

False Positive
An observable that’s flagged as a false positive.
False Positive Ratio
The ratio of false positives reported in the last 30 days.
Feed
An online threat distributor that’s frequently updated.
Feed Management
Enriched observables from the file from which the feed is created.
Feed Name
The name of the feed.
Feed Performance
A percentage figure that judges how relevant a feed’s information is, based on overlapping IoC data between all other feeds.
First Seen
The date when this domain was first seen in the zone files
Frequency
The interval between updates.

G

Geographic Spread
The number of continents covered within a threat intelligence feed, based on IP origin information.
Global Feed
A feed created by the Silent Push Threat Analyst Team, shared with paid users of the Silent Push app
Global Queries
A list of universal queries

I

Indicator of Compromise
Pieces of forensic data which identify potentially malicious activity on a system, or network.
Integrations
Connectivity with third party products.
IoC Type
The type of the observable (IP address, domain, URL)
IP Density
The number of domains pointing to an IP address.
IP Diversity
The number of IPs pointed to over the last 30 days.
IP Diversity Groups
The number of different groups of IPs pointed to over the last 30 days, where a group may consist of one or more IPs pointed to at the same time.
IP GEO
A calculated score expressing the IP's presence in an organization's designated area of operation.
IP Has Expired Certificate
The IP address has an expired certificate
IP Has Open Directory
The IP address has an open directory served by a web server
IP PTR
A PTR record pointing to an IP address.
IP Range
How an IP address matches up to an IP Range.
IP Reputation
An IP address' reputational value.
IPs in ASN
The number of IP addresses available in this ASN
IPs in subnet
The number of IP addresses available in this subnet
IPs listed
The number of IP addresses in this ASN that have been seen as listed on trusted feeds
Is Alexa Top 10k
The domain is in the top 10,000 domains, by Alexa ranking
Is Dynamic IP Data
Establishes if an IP address belongs to dynamic infrastructure - i.e. may be dynamically assigned by ISPs or for residential use.
Is Exists
The domain has not previously been seen in the zone files, but has been confirmed to exist.
Is Expired
The domain is using nameservers that indicate a domain registration has expired.
Is False Positive
The IP address has been flagged by users as a false positive
Is IPFS node
The IP address is an IPFS node
Is Known Benign
The IP has been seen to belong to a benign internet scanning service, or similar non-malicious operator.
Is New
A domain that hasn’t previously been seen in any zone files.
Is Parked
The domain is registered, but not connected to any online service (e.g., a website or email server).
Is Part of DGA
The domain is part of a domain generation algorithm (DGA).
Is Part of Dynamic DNS
The hostname is a subdomain of a dynamic domain zone.
Is Seen it
Users mark threat information as ‘seen’, which flags the data as ‘Seen it’
Is TOR Exit Node
An exit gateway connecting Tor traffic to the internet.
Is URL Shortener
A URL shortening service that points to a longer domain.

L

Last 24 hours
A list of records first observed in the last 24 hours
Last Change
The last time a nameserver change occurred.
Last Seen
The date when the domain was most recently seen in the zone files
Last Seen on Explore
The last time a query returned an answer.
Last Updated
A timestamp of when a feed was last updated.
Listed Recent
The most recent date where this domain or IP has been listed on at least one of the curated feeds.
Listed Span
The number of days between the first seen date and the most recent date where this domain or IP has been listed on at least one of the curated feeds
Listing All
The number of days where this domain or IP has been listed on at least one of the curated feeds
Listing Max Age
The max age of any URL pointing to IP addresses in this ASN that have been seen as listed on trusted feeds
Lookup
A functionality that uses passive DNS data to research all related threats.

M

My feed
A private feed created by a user, and not shared

N

Network
IP address/subnet used in typosquatting queries.
NS Average TTL
The average Time To Live value of all the domains on a nameserver.
NS Domain Density
How many domains are used by a specific nameserver.
NS Domain Listed
The number of domains using this nameserver that are found on feeds and/or blacklists.
NS Entropy
A score that includes recency, frequency, and the number of NS changes.
NS Reputation
The ratio of blacklisted domains, taken from the total number of domains using a nameserver
Number of Changes
The number of times the domain has changed its name servers
Number of URLs
The number of URLs pointing to IP addresses in this ASN that have been seen as listed on trusted feeds

O

Organization feed
A feed created by the user, and shared inside the organization (as distinct from a private feed)
Originator
The percentage of observables first reported by this feed out of all observables reported in this feed within the last 10 days
Overlap
A percentage of the feed's observables that are provided by other feeds/collections.

P

Private Queries
A list of queries saved by the user

Q

Query
DNS Query - (rrname).

R

Raw Data
JSON format of query results.

S

Secondary Attributes
Indicators that differ between IoC types.
Seen It
A flag that indicates that other users have confirmed the threat.
Shared Queries
A list of saved queries that are shared by the user, with their organization
Source
The name of the feed or collection providing the observable.
Source Name
The name of the feed or collection
Source Score
A score calculated from a source's attributes (that you see in threat ranking details or enriched data). A source score can be added during the creation of the source (feed or collection), or any time the user edits a source.
Source Type
The type of source from which the feed or collection is created (file or URL).
Status
An updateable status of the threat.
Subnet
An IP address subnet.
Subnet Allocation Age
The number of days since the subnet was allocated to the AS
Subnet Allocation Date
The date the subnet was allocated to the AS
Subnet Reputation
The ratio of blacklisted IPs, taken from the total number of IPs that have been observed as being active within a particular subnet in the last 30 days.
Supplier Domain score
A score expressing an observable's similarity to your organization's designated supplier domains.
Supplier Domains
All the domains belonging to the supplier.

T

Tag
Contextual and descriptive information about a threat.
Template Queries
A list of saved Silent Push templated queries based on the actual events
Threat
An Indicator of Compromise that is potentially harmful.
Threat Ranking
A table of all threats in the system, with filtering and sorting options.
Top Brands Domains
A score that indicates an observable's similarity to top brands domains
Top Brands Score
A score expressing an observable's similarity to your organization's designated brand domains (set in the indicators section of preferences).
Total Score
A single metric incorporating the source score, secondary indicator score and custom indicator score.
Typosquatting
A tool that detects spoofing of company domains, or supply chain domains.

V

Vendor
The name of the owner of the feed.

W

Whois
All publicly available information collected when a domain is registered or its DNS settings are updated.
Whois age
The time elapsed since the registrar (registrant) registered the domain or IP.
Whois created date
The date when the domain or IP was registered.