Updates: January 20th, 2023

Highlights include new dashboard cards, refinements to the Add Manual Lookalikes page, and a new column to indicate false positive reporting

Francesca Runger-Field avatar
Written by Francesca Runger-Field
Updated over a week ago

New features

New dashboard cards

The large takedown summary card from the Dashboard page has been replaced with two smaller cards, as seen in the screenshot below:

The new cards are:

  • Inactive domains with potential threats - provides estimated numbers of lookalike domains for your inactive domain assets. You may use this information to selectively enable more domain assets for active lookalike domain monitoring.

Clicking will navigate to the takedown table with status filters applied.

  • Lookalikes in takedown - provides status information about the takedowns you currently have in your Takedowns tab from the Activity page.

Clicking will navigate to the Domains Details page.

Revamped the Add Manual Lookalikes page

Lookalike domains can be added with different degrees of information. We have reworked the Add Manual Lookalikes page to allow you to specify extra bits of information for manually-added lookalike domains.

From now on, the process of manually adding a lookalike is as follows:

  • Click the Add lookalike button. This will create a new empty row in the table below.

  • Enter the lookalike domain name on the cell under the Lookalike column

  • Select a related domain from the dropdown displayed upon clicking on the cell under the Related Domain column. You can also enter any other domain name, as long as it is valid.

  • Select a classification for the new lookalike domain. You can choose from three predefined options: unclassified, low risk, and high risk. Depending on the choice, OnDOMAIN will add the manually-added lookalike domain to the corresponding tab in the Activity page once the lookalike domain gets scanned.

Alternatively, you can upload multiple lookalike domains with their related domain and classification in a CSV file. To do so, click on the Upload CSV button and drag and drop the CSV file into the modal dialog that will appear. You can download a CSV sample file from the very same dialog modal to check the format expected by OnDOMAIN.

The lookalikes table on this page offers built-in edition capabilities to apply changes to the new lookalikes before committing them for scanning.

  • Click on the cell of the Related Domain column you wish to edit and select a domain from your domain assets present on the Domains page. Note that entering a domain name that does not exist on your Domains page will not add it to such a page automatically.

  • You may also change the Classification of a given lookalike domain by clicking on the cell of such a column, and selecting one of the available options (low risk, unclassified, high risk).

  • If a lookalike domain name is not valid, it will be highlighted in the UI.

Please note that once you hit the Confirm button, the lookalike domains will be sent to OnDOMAIN and it will take some time for them to appear in their corresponding Activity page tab.

API integration for lookalikes triage

As a first step towards exposing the OnDOMAIN API more publicly, we are opening the very first public API endpoint.

You will find more detailed information by reaching out to the Swagger documentation that is linked from the new API Access entry under the Integrations menu on the left sidebar.

The purpose of this endpoint is to triage an input list of lookalike domains and output those domains that match any of your OnDOMAIN account domain assets. Under the hood, this API endpoint relies on OnDOMAIN’s lookalike detection engine to find matches.

If your company has lookalike detection sources that you would like to rely on to pump more data into OnDOMAIN, you may use this API endpoint to do so. By periodically sending potential lookalike domains to this endpoint, OnDOMAIN will process them through its lookalike detection engine and output to the Activity page any matches against your domain assets.

You will be able to identify the matches coming from this integration using the Source column on the Activity page.

  • OnDOMAIN means that the lookalike domain was detected by OnDOMAIN itself, using its built-in lookalike domain data sources.

  • Other values will exist depending on the source name you specify when sending the input list of lookalike domains to the API endpoint. For more information, check the corresponding Swagger documentation.

New filter to exclude multiple values at once

There are a variety of filters on different views inside OnDOMAIN, such as Domains, Activity, etc. Depending on the column to filter on, the list of available filters may be different.

For those columns that show a predefined set of values, such as the DMARC Status column, we have added an extra filter called is not any of.

The purpose of this filter is to act as the counterpart to the is any of filter. That is, the new filter will allow you to exclude those rows that do not match any of the values provided in the filter.

New column to indicate false positive reporting in Activity

Lookalike domains in the Activity page can be reported as false positives, which moves them automatically to the Low Risk tab.

In order to keep track of the lookalike domains that you or any of your colleagues may have reported as false positives, a new column has been added to the Activity page to indicate whether the corresponding lookalike domain has already been reported as a false positive.

A green bubble will indicate that the lookalike domain was already reported as a false positive, whereas a grey bubble will indicate that the domain has not been reported just yet.

This new column comes with a filter companion, so you may use the latter to filter the data from the Activity page with further details!

Fixes

Corrected class name validator for logos

When adding new logos from the Add Logos page, a class name needs to be provided for the new logo. We noticed the validation of new class names was failing incorrectly for valid class names containing numbers.

The issue has been resolved now, and class names can now consist of alphanumeric characters.

Consistent lookalike deletion of deleted domain assets

We identified some inconsistencies during the domain asset deletion process. In theory, whenever a domain asset was deleted or deactivated for lookalike domains search, all of its related unclassified lookalike domains from the Activity page should be removed and no more lookalike domains related to the domain asset should be added.

However, lookalike domains kept appearing on the Activity page after their related domains were no longer active or deleted.

This issue should be gone and once a domain asset gets deleted or deactivated, all of its related unclassified lookalike domains should be gone and no more should get added over time. Unless, of course, the domain asset is added back again or activated for lookalike domain search.

Tuned subdomains table filtering

The subdomains table present in the details page of a domain asset (accessible from the Domains page list) was showing an error message on specific scenarios when attempting to apply filters on some of its columns.

From now on the table should not produce an unexpected error when filtering on any of its columns.

Did this answer your question?