Newly Observed Domains, the first of our attack analytics feeds, is a proprietary enriched RiskIQ dataset containing newly resolving domains.
RiskIQ’s continually updated Newly Observed Domains provides customers with near real-time intelligence of domains seen for the first time in our passive DNS repository.
Threat actors often programmatically use different domains for their attack campaigns. These domains could be hosting phishing sites, distributing malware, or acting as part of a larger malicious campaign, therefore newly active domains can serve as a guide to whether a domain is legitimate or not.
Organizations can proactively defend their enterprise against emerging cyber threats by blocking newly observed domains for a specified time period based on policy and risk tolerance.
How to Use It:
- Proactive blocking of domains
Interested in enhancing and enriching your organization’s security operations and incident response activity even further? Then check out: