Total View screen
    • 30 Aug 2024

    Enriching an IPv4 address or a domain opens the Total View screen.

    Total View brings together data from a multitude of Silent Push queries, scans and features in one central location. It is a one-stop shop for domain and IPv4 intelligence, without the need to access multiple menus at once or perform extended analysis on an observable.

    Pivoting on Total View data

    As with other screens across the Silent Push platform, pivotable data on the Total View screen is highlighted in blue. Left-click a blue data point anywhere on the Total View screen to open a contextual pivot menu.

    Total View 'Highlights'

    The top section of the Total View screen contains highlights that provide at-a-glance information for your chosen domain or IP.

    Highlight categories differ, based on whether you're enriching a domain or an IPv4 address.

    Domain highlights

    1. Silent Push Risk Score, including a diagram of how we arrived at the score by using secondary scoring data
    2. Passive DNS record count, per record type
    3. WHOIS registrar and created date
    4. Infrastructure Variance
      1. ASN diversity
      2. IP diversity
      3. Nameserver changes
    5. Live Scan highlights
      1. Response
      2. Scan date
      3. Favicon
      4. HTML title
      5. Header server
      6. Screenshot

    IPv4 highlights

    1. Silent Push Risk Score, including a diagram of how we arrived at the score by using secondary scoring data
    2. Passive DNS record count, per record type
    3. IP infrastructure
      1. AS number
      2. AS name
      3. Subnet
    4. Live Scan highlights
      1. Response
      2. Scan date
      3. HTML title
      4. Header server
      5. Screenshot

    DNS and web content data

    The bottom section of the Total View screen contains extended data on the given domain or IPv4 address, returned from various built-in queries and features.

    As with Total View Highlights, data categories are different for domains and IPv4 addresses.

    Data is displayed on a single table. Categories are accessible as tabs, across the top of the table.

    Domain-based data categories

    1. PADNS - A list of all DNS records associated with the domain, populated on an Explore table

    2. Infrastructure Variance

      1. A list of ASNs associated with the domain
      2. The domain's IP Diversity metrics (visual timelines of AS hops, IP diversity score, ASN diversity)
      3. Nameserver data (nameserver domain density, nameserver reputation scores)
    3. Web Scanner - Runs the following Web Scanner query on the given domain, with tabulated, pivotable results displayed on the same screen: origin_hostname = [domain] AND hostname = [domain]

    4. WHOIS - Displays a graphical and tabulated list of WHOIS changes, and the latest SOA record

    5. Threat Feeds - Displays data related to the domain's historical existence within a threat feed, and a list of live threat feeds where the domain currently exists

    6. Screenshots - A timeline of domain screenshots, taken at various intervals

    7. Dangling DNS - A count and a list of dangling DNS records associated with the domain

    8. Subdomains - A list of all subdomains associated with the domain

    9. Certificates - A pivotable list of all active and expired certificates associated with the domain, including a graphical list of certificate issuers

    IPv4-based data categories

    1. PADNS - A list of all DNS records associated with the domain, populated on an Explore table
    2. IP Infrastructure - ASN and subnet data, related to the IP address
      1. Basic ASN information
      2. ASN domain takedown reputation (including a 30-day graph of the ASN's takedown score)
      3. ASN reputation (including a 30-day graph of the ASN's reputation score)
      4. WHOIS RDAP data
      5. Associated subnets
    3. Threat Feeds - Displays data related to the IPv4's historical existence within a threat feed, and a list of live threat feeds where the IPv4 currently exists
    4. Web Scanner - Runs the following Web Scanner query on the given IPv4 address, with tabulated, pivotable results displayed on the same screen: origin_hostname = [IP] AND hostname = [IP]
      1. Screenshots - A timeline of screenshots, taken at various intervals
