Domain enrichment categories
    • 02 May 2023


    Enriching a domain observable helps your security teams to understand a domain's origin, function and risk level.

    Enriched domain data is spread out across 17 categories and sub-categories, with 70+ individual elements, including:

    • Basic Information
      • Domain information
      • WHOIS information
      • DNS Records
    • Enriched Attributes
      • IP Diversity
      • Nameserver Information
      • Nameserver Changes
      • Curated Feed History
    • Custom Attributes
    • Live Threat Feeds
    • Scan Data (obtained from Silent Push's daily IPv4 scans)
      • Certificates
      • JARM
      • Favicon
      • HTML
      • Header

    Let's take a look at each category in turn, and the individual elements contained within them that make up Silent Push's data enrichment service.

    Basic information

    Domain information

    Element     Description
    User Tags   Observable tags added by organizational users
    Infratag    Automatically generated tag that provides an at-a-glance summary of the infrastructure used by a domain
    FirstSeen   The date when this domain was first seen in the zone files
    LastSeen    The date when this domain was last seen in the zone files
    Age         The number of days since the domain was first seen in the zone files
    DGA         How likely it is that a domain was created by an automated generation algorithm

    WHOIS information

    Element     Description
    Created     The date when the domain was registered
    Country     The country in which the domain is registered
    City        The city in which the domain is registered
    Address     The address at which the domain is registered
    Email       The domain's registered email address
    ZIP code    The domain's registered ZIP code
    Registrar   The domain's registrar

    DNS records

    Enriched DNS data consists of a count of each individual DNS record linked to the domain, with a sum total provided underneath the table of records:

    • A
    • AAAA
    • CNAME
    • NS
    • MX
    • SOA
    • TXT

    Enriched attributes

    IP diversity

    An observable's IP diversity score is a record of the number of IPs it has pointed to over a 30-day period.

    Element                Description
    Host                   The host name represents the network or system used to deliver a user to a certain address or location
    ASN Diversity          How frequently an IP changes between AS numbers
    IP Diversity (All)     The number of IPs pointed to over the last 30 days
    IP Diversity (Groups)  The number of different groups of IPs pointed to over the last 30 days, where a group may consist of one or more IPs pointed to at the same time
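    To make the difference between IP Diversity (All) and IP Diversity (Groups) concrete, here is an added worked example (not Silent Push's code or data format). It takes a constructed list of daily resolutions for one host, keeps only those inside a 30-day window, counts distinct IPs for the "All" figure and distinct simultaneous IP sets for the "Groups" figure. The ASN change count is one plausible reading of "how frequently an IP changes between AS numbers" and uses a hypothetical IP-to-ASN table; both are assumptions, not the product's definition.

```python
from datetime import date, timedelta

# Constructed sample data (not Silent Push's schema): one passive-DNS style
# observation per day for a host, as (observation date, set of IPs it pointed to).
SAMPLE_RESOLUTIONS = [
    (date(2023, 3, 1), {"192.0.2.99"}),                    # older than the window; ignored
    (date(2023, 4, 1), {"203.0.113.10"}),
    (date(2023, 4, 2), {"203.0.113.10"}),
    (date(2023, 4, 5), {"203.0.113.10", "203.0.113.11"}),  # round-robin pair
    (date(2023, 4, 20), {"203.0.113.10", "203.0.113.11"}),
    (date(2023, 4, 30), {"198.51.100.7", "192.0.2.44"}),   # moved to new hosting
]

# Hypothetical IP-to-ASN lookup, standing in for a real BGP/ASN dataset.
SAMPLE_IP_TO_ASN = {
    "203.0.113.10": 64496,
    "203.0.113.11": 64496,
    "198.51.100.7": 64497,
    "192.0.2.44": 64498,
    "192.0.2.99": 64499,
}


def in_window(resolutions, as_of, window_days=30):
    """Observations inside the window ending at as_of, oldest first."""
    start = as_of - timedelta(days=window_days)
    return sorted(
        ((day, ips) for day, ips in resolutions if start <= day <= as_of),
        key=lambda rec: rec[0],
    )


def ip_diversity(resolutions, as_of, window_days=30):
    """IP Diversity (All): number of distinct IPs pointed to in the window.
    IP Diversity (Groups): number of distinct sets of IPs pointed to at the same time.
    Returns (all, groups)."""
    all_ips, groups = set(), set()
    for _, ips in in_window(resolutions, as_of, window_days):
        all_ips |= ips
        groups.add(frozenset(ips))
    return len(all_ips), len(groups)


def asn_changes(resolutions, ip_to_asn, as_of, window_days=30):
    """Assumed reading of ASN diversity: count consecutive observations whose
    set of AS numbers differs from the previous one."""
    asn_sets = [
        frozenset(ip_to_asn[ip] for ip in ips)
        for _, ips in in_window(resolutions, as_of, window_days)
    ]
    return sum(1 for prev, cur in zip(asn_sets, asn_sets[1:]) if prev != cur)


if __name__ == "__main__":
    as_of = date(2023, 4, 30)
    print("IP diversity (all, groups):", ip_diversity(SAMPLE_RESOLUTIONS, as_of))
    print("ASN changes:", asn_changes(SAMPLE_RESOLUTIONS, SAMPLE_IP_TO_ASN, as_of))
```

    On the sample, "All" is 4 while "Groups" is 3: the two round-robin IPs are served together, so they count as one group but two IPs. A domain whose "Groups" figure climbs quickly relative to "All" is rotating between distinct hosting sets rather than simply load-balancing.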

    Nameserver information

    Each NS listed is analysed across 4 elements, with a separate table provided for each:

    Element            Description
    NS Reputation      The ratio of blacklisted domains, taken from the total number of domains using a nameserver
    Nameserver         Nameserver domain name
    NS domain density  How many domains are used by a specific nameserver
    NS domain listed   How many domains are used by a specific nameserver

    Nameserver changes

    This category lists the number of changes that have occurred related to a specific nameserver.

    Element            Description
    NS Entropy         A score that includes recency, frequency, and the number of NS changes
    Number of Changes  The number of times the domain has changed its name servers
    Last Change        The number of times the domain has changed its name servers

    Curated feed history

    Name                         Description
    Curated Feeds History Score  Score based on the frequency and recency of an observable within trusted feeds
    First Seen                   Timestamp of the first time an observable appears in the feed
    Listed Recent                The most recent date on which this domain or IP has been listed on at least one of the curated feeds
    Listed Span                  The number of days between the first seen date and the most recent date on which this domain or IP has been listed on at least one of the curated feeds
    Listed All                   The number of days on which this domain or IP has been listed on at least one of the curated feeds (click the > arrow for a detailed breakdown)
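    The three "Listed" elements are easy to confuse, so here is an added worked example (not Silent Push's code or data format) that derives First Seen, Listed Recent, Listed Span and Listed All from a constructed set of per-feed listing dates. The feed names and the dictionary shape are assumptions; the definitions follow the table above: Listed Span is the calendar gap between first and most recent listing, Listed All counts only the distinct days on which at least one feed listed the observable.

```python
from datetime import date

# Constructed sample (not Silent Push's schema): for each curated feed,
# the dates on which the observable appeared in it.
SAMPLE_FEED_LISTINGS = {
    "feed-a": [date(2023, 4, 3), date(2023, 4, 4), date(2023, 4, 5)],
    "feed-b": [date(2023, 4, 4), date(2023, 4, 12)],   # 4 April overlaps with feed-a
    "feed-c": [],                                      # never listed here
}


def curated_feed_history(listings):
    """Derive the curated feed history elements from per-feed listing dates.

    Returns None when the observable was never listed on any feed, so callers
    do not mistake an absent record for a span of zero days.
    """
    listed_days = set()
    for dates in listings.values():
        listed_days.update(dates)
    if not listed_days:
        return None
    first_seen = min(listed_days)
    listed_recent = max(listed_days)
    return {
        "first_seen": first_seen,
        "listed_recent": listed_recent,
        # Days between first and most recent listing (not the number of listed days)
        "listed_span": (listed_recent - first_seen).days,
        # Distinct days with at least one feed listing; overlap is counted once
        "listed_all": len(listed_days),
        # Per-feed breakdown, as behind the ">" arrow in the table
        "per_feed": {name: len(set(dates)) for name, dates in listings.items()},
    }


if __name__ == "__main__":
    for key, value in curated_feed_history(SAMPLE_FEED_LISTINGS).items():
        print(f"{key}: {value}")
```

    On the sample the span is 9 days but Listed All is only 4, which is the pattern of an observable that appears in feeds intermittently rather than continuously; a Listed All value close to the span indicates persistent listing.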

    Custom Attributes

    Organizational asset indicators (domains and IPs)

    This is an organization-specific scoring system used to tailor feed items according to unique business or supply chain assets (domains and IPs).

    Name                    Description
    Customer Domain Score   A score that indicates an observable's similarity to other domains
    Top Brand Domain Score  A score that indicates an observable's similarity to top brand domains
    Supplier Domain Score   A score expressing an observable's similarity to your organization's designated supplier domains

    Scan data

    Certificates

    Click the Show all associated certificates button to scan for a list of associated domain certificates.

    Categories:

    • IP
    • Domains
    • SHA1
    • Valid From
    • Valid Until
    • Issuer Common Name
    • Issuer Organization
    • Scan Date

    JARM

    Elements:

    • JARM
    • Scan Date

    Favicon

    Elements:

    • Favicon md5
    • Favicon murmur3
    • Favicon2 md5
    • Favicon2 murmur3
    • Favicon2 path
    • Scan date

    HTML

    Elements:

    • Body ssdeep
    • Body murmur3
    • Title
    • Scan date

    Header

    Elements:

    • Response
    • Server
    • Expires
    • Content Length
    • Content Type
    • Cache Control
    • IP
    • Location
    • Scan Date
