Feed accuracy is based on user feedback regarding the false positives from a threat intelligence feed.
The number of IP addresses seen as active A records in this ASN
A feature that allows extended filtering of IoC, via various threat attributes (e.g. custom domain score, ASN reputation).
The number of days since a domain was first seen in the zone files.
Alexa Top 10k rank
Alexa's top 10,000 websites.
A response received for a DNS query - (rdata).
The number of the AS, allocated by IANA.
ASN Allocation Age
The age of an AS number in days.
ASN Allocation Date
The date an AS Number was assigned by IANA.
How often an IP changes between AS numbers.
A ranking of ASNs seen to host threats listed on feeds, calculated using a weighted formula based on the type of threat observed.
The ratio of blacklisted IPs, taken from the total number of IPs that have been observed as being active within an ASN, in the last 30 days.
ASN Takedown Reputation
A reputation score based on the time it takes for the ASN owner to react to takedown requests related to malicious URLs - a higher reputation score indicates the ASN owner is slow to react to takedown requests.
Bad SSH keys.
Bad SSL certificates.
Allows users to view and enrich various information on saved Collections (e.g. IoC name and type, last seen).
Count on explore
The number of times a query has returned an answer
Count on Sources
The number of observables in feed or collection
Curated Feed History Score
A score based on the frequency and recency of an observable, within trusted feeds.
Allows users to calculate a score based on three custom attributes - similarity to domain, supply chain domain, top brands domain.
Customer Domain Score
A score that indicates an observable's similarity to other domains.
Database entries stored in DNS servers with information on specific domains, such as their IP addresses or instructions on how to handle related DNS queries.
A real-time lookup that targets WHOIS data, nameserver history, and other publicly available threat information.
Attributes that have benefitted from enriched threat intelligence from the Silent Push platform (e.g. IP diversity, nameserver information, IP density).
A cumulative score that includes all data and scores from each enriched attribute.
A feature that allows app users to browse DNS history, and pivot into related infrastructure.
An observable that’s flagged as a false positive.
False Positive Ratio
The ratio of false positives reported in the last 30 days.
An online threat distributor that’s frequently updated.
Enriched observables from the file from which the feed is created.
The name of the feed.
A percentage figure that judges how relevant a feed’s information is, based on overlapping IoC data between all other feeds.
The date when this domain was first seen in the zone files
The interval between updates.
The number of continents covered within a threat intelligence feed, based on IP origin information.
A feed created by the Silent Push Threat Analyst Team, shared with paid users of the Silent Push app
A list of universal queries
Indicator of Compromise
Pieces of forensic data which identify potentially malicious activity on a system, or network.
Connectivity with third party products.
The type of the observable (IP address, domain, URL)
The number of domains pointing to an IP address.
The number of IPs pointed to over the last 30 days.
IP Diversity Groups
The number of different groups of IPs pointed to over the last 30 days, where a group may consist of one or more IPs pointed to at the same time.
A calculated score expressing the IP's presence in an organization's designated area of operation.
IP Has Expired Certificate
The IP address has an expired certificate
IP Has Open Directory
The IP address has an open directory served by a web server
A PTR record pointing to an IP address.
How an IP address matches up to an IP Range.
An IP address' reputational value.
IPs in ASN
The number of IP addresses available in this ASN
IPs in subnet
The number of IP addresses available in this subnet
The number of IP addresses in this ASN that have been seen as listed on trusted feeds
Is Alexa Top 10k
The domain is in the top 10,000 domains, by Alexa ranking
Is Dynamic IP Data
Establishes if an IP address belongs to dynamic infrastructure - i.e. may be dynamically assigned by ISPs or for residential use.
The domain has not previously been seen in the zone files, but has been confirmed to exist.
The domain is using nameservers that indicate a domain registration has expired.
Is False Positive
The IP address has been flagged by users as a false positive
Is IPFS node
The IP address is an IPFS node
Is Known Benign
The IP has been seen to belong to a benign internet scanning service, or similar non-malicious operator.
A domain that hasn’t previously been seen in any zone files.
The domain is registered, but not connected to any online service (e.g., a website or email server).
Is Part of DGA
Is part of a domain generation algorithm (DGA).
Is Part of Dynamic DNS
The hostname is a subdomain of a dynamic domain zone.
Is Seen it
Users mark threat information as ‘seen’, which flags the data as ‘Seen it’
Is TOR Exit Node
An exit gateway connecting Tor traffic to the internet.
Is URL Shortener
A URL shortening service that points to a longer domain.
Last 24 hours
A list of records first observed in the last 24 hours
The last time a nameserver change occurred.
The date when the domain was most recently seen in the zone files
Last Seen on Explore
The last time a query returned an answer.
A timestamp of when a feed was last updated.
The most recent date where this domain or IP has been listed on at least one of the curated feeds.
The number of days between the first seen date and the most recent date where this domain or IP has been listed on at least one of the curated feeds
The number of days where this domain or IP has been listed on at least one of the curated feeds
Listing Max Age
The max age of any URL pointing to IP addresses in this ASN that have been seen as listed on trusted feeds
A functionality that uses passive DNS data to research all related threats.
A private feed created by a user, and not shared
IP address/subnet used in typosquatting queries.
NS Average TTL
The average Time To Live value of all the domains on a nameserver.
NS Domain Density
How many domains are used by a specific nameserver.
NS Domain Listed
The number of domains using this name server that are found on feeds and/or blacklists.
A score that includes recency, frequency, and the number of NS changes.
The ratio of blacklisted domains, taken from the total number of domains using a nameserver
Number of Changes
The number of times the domain has changed its name servers
Number of URLs
The number of URLs pointing to IP addresses in this ASN that have been seen as listed on trusted feeds
A feed created by the user, and shared inside the organization (as distinct from a private feed)
The percentage of observables first reported by this feed out of all observables reported in this feed within the last 10 days
A percentage of the feed's observables that are provided by other feeds/collections.
A list of queries saved by the user
DNS Query - (rrname).
JSON format of query results.
Indicators that differ between IoC types.
A flag that indicates that other users have confirmed the threat.
A list of saved queries that are shared by the user, with their organization
The name of the feed or collection providing the observable.
The name of the feed or collection
A score calculated from source attributes (that you see in threat ranking details or enriched data). A source score can be added during the creation of the source (feed or collection), or any time the user edits a source.
Type of the source from which it is created (file or URL)
An updateable status of the threat.
An IP address's subnet.
Subnet Allocation Age
The number of days since the subnet was allocated to the AS
Subnet Allocation Date
The date the subnet was allocated to the AS
The ratio of blacklisted IPs, taken from the total number of IPs that have been observed as being active within a particular subnet in the last 30 days.
Supplier Domain score
A score expressing an observable's similarity to your organization's designated supplier domains.
All the domains that belong to the supplier.
Contextual and descriptive information about a threat.
A list of saved Silent Push templated queries based on the actual events
An Indicator of Compromise that is potentially harmful.
A table of all threats in the system, with filtering and sorting options.
Top Brands Domains
A score that indicates an observable's similarity to top brands domains
Top Brands Score
A score expressing an observable's similarity to your organization's designated brand domains (set in the indicators section of preferences).
A single metric incorporating the source score, secondary indicator score and custom indicator score.
A tool that detects spoofing of company domains, or supply chain domains.
The name of the owner of the feed.
All publicly available information collected when the domain is registered or its DNS settings are updated.
The time frame from the moment the registrar (registrant) registered the domain or IP.
Whois created date
The date when the domain or IP is registered.