Newly Observed Domains (NOD) Risk Management | RiskIQ

Security Intelligence Services

Newly Observed Domains

Identify malicious domains as soon as they appear

What is the Newly Observed Domains data set?

Newly Observed Domains, the first of our attack analytics feeds, is a proprietary enriched RiskIQ dataset containing newly resolving domains.

RiskIQ’s continually updated Newly Observed Domains feed provides customers with near real-time intelligence on domains seen for the first time in our passive DNS repository.

How Can it Help?

Threat actors often programmatically use different domains for their attack campaigns. These domains could be hosting phishing sites, distributing malware, or acting as part of a larger malicious campaign. How recently a domain became active can therefore serve as a guide to whether it is legitimate or not.

Organizations can proactively defend their enterprise against emerging cyber threats by blocking newly observed domains for a specified time period based on policy and risk tolerance.

How to Use It:

  • Proactive blocking of domains
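An added example, not RiskIQ's code or feed format: one way to hold newly observed domains on a blocklist for a policy-defined period and release them afterwards. The `(domain, first_seen)` record layout, the allowlist and the function names are assumptions, and the sample records are constructed.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample records: (domain, time first seen resolving).
# The real feed's format is not shown on the page; this layout is assumed.
SAMPLE_FEED = [
    ("login-portal-update.example", "2024-05-01T08:00:00+00:00"),
    ("Fresh-Campaign.example.", "2024-05-09T23:30:00+00:00"),
    ("partner-site.example", "2024-05-09T12:00:00+00:00"),
]

# Hypothetical policy exception for a domain the organization already trusts.
ALLOWLIST = {"partner-site.example"}


def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()


def build_blocklist(feed, now, hold, allowlist=frozenset()):
    """Return {domain: expiry} for feed entries still inside the hold window."""
    blocked = {}
    for domain, first_seen in feed:
        name = normalize(domain)
        expiry = datetime.fromisoformat(first_seen) + hold
        if name in allowlist or expiry <= now:
            continue  # trusted by policy, or old enough to be released
        # If the feed repeats a domain, age it from the earliest sighting.
        blocked[name] = min(expiry, blocked.get(name, expiry))
    return blocked


def is_blocked(qname, blocked, now):
    """True if the queried name, or a parent domain of it, is still on hold."""
    labels = normalize(qname).split(".")
    for i in range(len(labels) - 1):  # stop before the bare TLD
        expiry = blocked.get(".".join(labels[i:]))
        if expiry is not None and now < expiry:
            return True
    return False


if __name__ == "__main__":
    now = datetime(2024, 5, 10, tzinfo=timezone.utc)
    for days in (7, 14):  # two risk tolerances, shortest hold first
        held = build_blocklist(SAMPLE_FEED, now, timedelta(days=days), ALLOWLIST)
        print(days, "day hold:", sorted(held))
```

Lengthening the hold period trades more blocked legitimate new domains for a longer window in which reputation data can catch up.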

Additional Resources

Interested in enhancing and enriching your organization’s security operations and incident response activity even further? Then check out:

RiskIQ’s PassiveTotal API