Late last week, we pushed out a silent update to our source associations page that included several helpful features and the addition of two new sources, 360CN and CIRCL.lu. In total, PassiveTotal now provides access to 12 passive DNS repositories making it the most comprehensive solution for doing threat infrastructure analysis. Over the next several weeks, we anticipate adding two more additional sources to the platform to provide even more coverage.
Beyond adding new sources, we also re-evaluated the actual design of the page. Our old interface was designed around one type of authentication method, API keys. This was great for most providers, but as we expanded our supported sources, we found that other methods like tokens and user credentials were being used. Trying to support that in the old model was a hack and it needed to be fixed. The final solution to the problem was a common data structure to describe the source, it's authentication properties and how it should be displayed within the platform.
While addressing the authentication issue, it also became clear that users may want to pick the sources that are activated inside the platform. Instead of seeing a list of sources, users are now presented with a grid of different providers we have available with the status of activate/deactivate. Simply clicking activate on any source will either turn it on automatically or provide a form for authentication details. Though simple, we view this change to our source association as a critical next step in supporting more types of data sources and sharing platforms.