
[virustotal-enrichment] Add reverse DNS resolutions

Open • fruitcakej opened this issue 9 months ago • 1 comment

Use case

When enriching an IP, I would expect to get the latest known domain for that IP. When enriching an IP, retrieve the “passive dns replication” field and create observables for the last three resolved domains (and the date of resolution should be saved in the created relationship within OpenCTI).

Current Workaround

This information is very important to retrieve, and currently SOC analysts have to go onto VirusTotal themselves for this piece of information.

Proposed Solution

Have the ability to retrieve the domain from the IP - reverse DNS

fruitcakej avatar Mar 18 '25 13:03 fruitcakej
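A sketch of the enrichment step requested above, added here as an example and not taken from the connector's code: it picks the three most recently resolved domains for an IP and carries the resolution date onto each relationship. It assumes the response shape of VirusTotal's v3 `ip_addresses/{ip}/resolutions` endpoint; the sample data, the function names and the simplified output dicts (not real STIX objects or pycti calls) are constructed for illustration.

```python
from datetime import datetime, timezone

IP = "203.0.113.10"  # documentation-range address, constructed

def _entry(host, date=None):
    """Build one constructed resolution object in the VirusTotal v3 shape."""
    attrs = {"ip_address": IP, "host_name": host}
    if date is not None:
        attrs["date"] = date
    return {"type": "resolution", "attributes": attrs}

# Constructed stand-in for GET /api/v3/ip_addresses/{ip}/resolutions
SAMPLE_RESPONSE = {"data": [
    _entry("old.example.net", 1672531200),    # 2023-01-01
    _entry("shop.example.com", 1704067200),   # 2024-01-01
    _entry("cdn.example.net", 1706745600),    # 2024-02-01
    _entry("Shop.Example.com.", 1735689600),  # 2025-01-01, same host seen again
    _entry("mail.example.org", 1738368000),   # 2025-02-01
    _entry("nodate.example.com"),             # malformed: no resolution date
]}

def latest_resolutions(response, ip, limit=3):
    """Return [(host, iso_date)] for the `limit` most recently resolved domains."""
    newest = {}
    for item in response.get("data", []):
        attrs = item.get("attributes", {})
        host, ts = attrs.get("host_name"), attrs.get("date")
        # Skip entries for another IP or without a usable host or date.
        if attrs.get("ip_address") != ip or not host or not isinstance(ts, int):
            continue
        host = host.rstrip(".").lower()  # normalise so duplicates collapse
        newest[host] = max(ts, newest.get(host, 0))
    ranked = sorted(newest.items(), key=lambda kv: kv[1], reverse=True)[:limit]
    return [(h, datetime.fromtimestamp(t, timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"))
            for h, t in ranked]

def to_objects(ip, resolutions):
    """Emit a domain observable plus a dated resolves-to relationship per domain."""
    objects = []
    for host, seen in resolutions:
        objects.append({"type": "domain-name", "value": host})
        objects.append({"type": "relationship", "relationship_type": "resolves-to",
                        "source_value": host, "target_value": ip, "start_time": seen})
    return objects

if __name__ == "__main__":
    for obj in to_objects(IP, latest_resolutions(SAMPLE_RESPONSE, IP)):
        print(obj)
```
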

Besides reverse DNS, can additional information, such as WHOIS information, registration data, and HTTPS certificates, be added to Notes?

ericWadeFord avatar Dec 11 '25 16:12 ericWadeFord