Security Threat Monitoring Beta

In this article/faq, I will explain the security threat dashboarding/monitoring. 

What is it?

In the first beta phase, we will make the threat intelligence we download from Pulsedive available to our customers in the domain manager. 

If you are a customer of Realtime Register you can join the beta program. 

Please contact our support team for information.

As a customer, you will be able to see the active security threats. 

Security threats could be phishing domain names or malware domain names. 

The Abuse Dashboarding provides you with information that usually does not get reported to Registrars. 

As a result, you can assist registrants very fast and clear a lot of issues.  

The goal

Our goal is not to set up a new business model. Abuse monitoring is free of charge. The end goal is to reduce DNS Abuse and stop it where possible. Providing our customers with detailed information should assist them in that goal. 

Not Realtime

In the current phase, we refresh the dashboard once a day. 

We are pulling a lot of data, and in the current setup, it is not possible to visualize such data real-time. 

In a later stage, we will be able to process data much faster. 

Getting Access

To get access you need to contact our support team. Once you have access we suggest you create a new user role with the following role: EMBED_BI

EMBED_BI

Once you add that user role to one of your users they will be able to view the data. Depending on the level of abuse it might take a while the first time to process all the data into your account.

The Dashboard

I think the layout is self-explanatory. 

How to export data

You can view the active security threats, the levels of abuse. 

In the dashboard, you can zoom in on different aspects and compare those with each other. 

For example, you can zoom in on a TLD and combine that with the risk level indicators. 

Combining information will give you a better sense of what is going. It also helps to detect patterns. 

Please make use of the filters; they are there for a reason. 

One of the key filters is the “added” filter. The “added” filter shows you the newest IOC’s (Indicators Of Compromise). 

 

Zoom in on Pulsedive. 

When you select a domain name, you can view the details as we downloaded them from Pulsedive, including the link to Pulsedive for even more information. 

It goes beyond the scope of dashboarding to explain Pulsedive fully. But from the screenshot, we can see in this example that the IP address no longer resolves, and the threat is most likely no longer active. Within Pulsedive, you can pivot through more data and or rescan a domain name to obtain the latest information. 

With the information at your fingertips you can remove malicious URLs from your server.

 

Pulsedive provides us with actionable threat intelligence data. The data covers the following areas. 

  • Malware
  • Phishing
  • Advance Persistent Threats
  • Cyber Terrorism and Cyber Warfare
  • Spam
  • Botnets/C2/C&C
  • User-submitted research like intelligence research
  • Domains Generated Algorithm names

History

With our data in combination with the data from Pulsedive some of our resellers can go back till the year 2015.

Spam

Currently, we are not monitoring domain names that are engaged in spam. 

Such feeds are very expensive, considering we do not provide email services. And we do offer our abuse monitoring for free to help to reduce DNS abuse.