Meet Total View, Silent Push's powerful platform that combines Domains, IPv4 addresses, IPv6 addresses, and ASN analysis into a single, easy-to-use screen. Designed for security teams, it helps you identify threats early, analyze risks, and protect your brand, all in real-time.
In today’s fast-moving cyber landscape, staying ahead is crucial. Total View offers proactive defense by flagging potential attacks before they fully launch, delivers comprehensive insights with historical and Subdomain data, saves time with a unified view, and detects impersonation attempts, such as Typosquatting. For example, it can catch a fake website mimicking your brand before customers are tricked.
Key features
Highlights: An overview of domain details is displayed at the top of the screen.
.png)
Expanded Section: Exposes domains and categories via query-tabs for in-depth analysis.
.png)
Domain Wide View: Explores subdomains for a full picture. Advanced features, such as Threat Feeds and Context Similarity, are restricted to paid users for real-time intelligence.
Get started
From the main menu, enter a Domain, IP, or ASN, and select Total View.
Begin with the Highlights section to gain a quick understanding of your Observable.
Use Total View for URLs
For URLs, Total View analyzes the base component:
Domain-based URL (e.g., https://example.com/path): Returns domain tabs.
IP-based URL (e.g., https://192.168.1.1/path): Returns IP tabs.
Tips for Total View
Pivot Efficiently: Click blue data points for lookups (available to all users).
Example: If a Web Scan Highlight indicates a suspicious Header Server value, pivoting to the IP address might reveal an ASN with a high Takedown Reputation Score, suggesting potential malicious activity.
Monitor Subdomains: Set up 24-hour alerts via Monitor (available to all users).
Leverage Domain-Wide view: Include subdomain data (e.g., blog.example.com) for comprehensive analysis, tracking metrics like Age and domain generation algorithms (DGA) to detect risks (available to all users).
Upgrade for Depth: Access Threat Feeds and Content Similarity for advanced threat intelligence (paid users).
Integrate Workflows: Use Copy API URL with SIEM platforms (available to all users).
Broader enrichment context
While Total View focuses on Domains and IPv4 addresses, Silent Push’s enrichment extends to IPv6 addresses and ASNs via the Standard Enrichment screen. These categories provide additional context for observables and may inform indirect analysis within Total View (e.g., ASN Reputation influencing IP-based insights).
IPv6 enrichment categories
Category | Elements | Description |
|---|
IPv6 Information | Date, Density, Subnet, SP Risk Score | Domain count, subnet, and overall risk score. |
ASN Information | AS Number, ASN Size, AS Name, Average Density, Max Density, Active IPs, Active Subnets | ASN size, density, and active IP/subnet counts. |
DNS Records | (List of recent DNS records) | Recent DNS records with pivot options; total count displayed. |
ASN enrichment categories
Category | Elements | Description |
|---|
ASN Information | AS Number, ASN Size, AS Name, Average Density, Max Density, Active IPs, Active Subnets | ASN size, density, and active IP/subnet counts. |
Whois RDAP Data | Copyright Notice, Description, Handle, Expiration Date, Last Changed Date, Registration Date, URL, WHOIS Server | WHOIS registration details |
ASN Takedown Reputation | ASN Takedown Reputation Score, IPs Active, IPs in ASN, IPs with URLs Listed, Number of URLs Listed, Lifetime Avg, Lifetime Max, Lifetime Total | Reputation based on takedown responsiveness. |
ASN Reputation Score | (Ratio of Blacklisted IPs) | Ratio of blacklisted IPs in the ASN over 30 days. |
Subnets | Subnet Size, Active IPs, Active Density, Max Density, Density Deviation | Subnet-specific metrics. |
ASN Risk Scores | ASN Takedown Reputation (0-100), ASN Reputation (0-100) | Scores for takedown responsiveness and blacklisted IP ratio. |
Next steps
Dive deeper with the Highlight Section, the Expanded Section, and Domain Wide View to master Total View’s capabilities.
The human-readable name (e.g., example.com) associated with an indicator of compromise (IoC) or network resource, used to identify and access websites or services in threat intelligence analysis.
Autonomous System Number, a unique numeric identifier assigned to an Autonomous System (AS) for managing IP address routing within and between networks on the internet
The specific subdomain extracted from a hostname, used to analyze hierarchical domain structures for potential threats.
A tool or method to detect domains mimicking legitimate company or supply chain domains, used to identify phishing or fraudulent activity
A distinct data point, such as an IP address, domain, or file hash, used in threat intelligence to identify, track, or predict potential cyber threats.
The process of exploring and analyzing related data points, such as domains or IPs, from an initial indicator to uncover patterns or potential threats within a network.
A feature that automates periodic scans of DNS or WHOIS data, sending email alerts for new results to track changes in domains, IPs, or infrastructure without manual queries.
A feature in a threat intelligence platform that provides comprehensive analysis of a domain and its subdomains, including DNS records, web content, and infrastructure changes, for holistic threat assessment
An Indicator of Compromise (IoC) with potential to cause harm, such as a malicious IP, domain, or file hash.
A metric or analysis method that compares web content, such as HTML or favicons, to identify potential impersonation or phishing attempts mimicking legitimate domains.
A measure of an Autonomous System’s trustworthiness, calculated as the ratio of blacklisted IP addresses to the total active IPs within the ASN over the past 30 days, indicating potential risk levels.
The network segment associated with an IP address, used to contextualize and analyze related infrastructure.
A risk score assigned to an indicator by Silent Push, quantifying its potential threat level based on various factors.
The total number of IP addresses allocated to an Autonomous System Number (ASN),indicating the scale of the network’s address space, used in Silent Push to assess the potential scope of malicious activity within a network.
The descriptive name assigned to an Autonomous System (AS), a collection of IP routing prefixes under the control of one or more network operators, used to identify the network in routing operations.
The average number of domains or subdomains associated with a network element (e.g.,IP, ASN, nameserver, or MX server) over a specified period, used to identify patterns of concentrated activity that may indicate malicious infrastructure.
The maximum number of domains or subdomains associated with a single network element (e.g., IP, ASN, nameserver, or MX server) at any point, used in Silent Push to highlight peak concentrations of potentially malicious activity.
The count of unique IP addresses actively resolved as A records within an Autonomous System Number (ASN) over a specific period, indicating the network's operational scope.
The count of unique subnets within an Autonomous System Number (ASN) that contain actively resolved IP addresses over a specific period, used in Silent Push to assess the distribution of network activity and identify potential malicious infrastructure segments.
Publicly available data collected during domain registration or DNS updates, used to analyze domain ownership and history.
A score evaluating a network operator’s responsiveness to abuse reports and their effectiveness in mitigating malicious activities within their Autonomous System, reflecting their commitment to security.
The total number of IP addresses within an Autonomous System Number (ASN), assessing the scope of network infrastructure.
The total count of URLs pointing to IP addresses within an Autonomous System Number (ASN) that are listed on trusted threat intelligence feeds, indicating the scope of malicious activity.
A numerical score reflecting the trustworthiness of an Autonomous System based on its history of hosting malicious or benign activities, aiding in risk assessment for associated IPs or domains.
A list of known malicious entities, such as IP addresses, domains, or URLs, blocked or flagged by security systems to prevent access or interaction, reducing exposure to threats.