DomainTools & Palo Alto Networks: Best in class DNS Intelligence

Triaging and responding to relevant alerts can be incredibly painstaking, especially with much of the security process being manual. Analysts are forced into workflows that are mundane and repetitive yet at the same time require incredible attentiveness. One overlooked detail could lead to horrendous consequences.
With the latest enhancements to the DomainTools App for Cortex by Palo Alto Networks, customers can further streamline their access to contextualized and operationalized intelligence, helping them more effectively detect, investigate, and respond to cybersecurity concerns.
The Most Critical Indicators, All in One Place
The DomainTools integration for Cortex delivers Real-Time streaming of critical intelligence feeds—including NOD, NAD, Domain Discovery, Parsed RDAP, Domain Hotlist, and Domain Risk—augmenting security teams’ capabilities with additional enrichment and risk scoring. Fully compatible with XSOAR 8.0, this integration provides seamless access to all current DomainTools API services across Cortex, including Iris Investigate, Iris Enrich, Whois History, RDAP, DNSDB, and Real-Time Threat Feeds.
Detect and Respond to What’s Most Important:
- Seamless Integration: Perform interactive investigations directly within the Cortex War Room.
- Automated Enrichment: Automate playbooks for enrichment of DNS observables.
- Rapid Response: Reduce reaction time when extracting and containing potentially harmful information from malicious payloads.
- Tagging: Add tags to domains in an Iris Investigation. Tagged domains can then be monitored within any product in the Cortex portfolio to escalate incidents containing these identifiers, automating incident response and expediting the triage process.
- Guided Pivot Counts: With Guided Pivot counts, the DomainTools Iris Investigate API displays which pivots are most likely to lead to relevant connections, reducing the number of clicks and dead-ends in an investigation. In the War Room, organizations can investigate observables with the “DomainToolsIris-Pivot” command.
- The Earliest and Most Reliable Domain Risk Scoring: The DomainTools Predictive Risk score uses ML Classifiers on Phishing, Malware, Spam, and Proximity to malicious infrastructure to determine how likely a domain is to be malicious, often within the first seconds of the domain’s creation and months before it’s found on an industry standard blocklist. In the Cortex portfolio, the DomainTools Iris Investigate API returns the Domain Risk Score along with individual scores for each machine-learning classifier, providing insight into the prediction.

Having the full suite of DomainTools products within the entirety of the Cortex portfolio equips customers with full visibility into the threats most relevant to them and enables them to respond all in one place. The DomainTools App for Cortex delivers real-time domain enrichment with tagging, historical Whois/RDAP, IP, passive DNS, website, and SSL data to empower active detection and investigation.
Automate the Incident Response Process
The integration of DomainTools with Cortex by Palo Alto Networks shields against common and sophisticated cyber threats alike. By leveraging the strengths of both platforms, cybersecurity and forensic teams can proactively manage risk, automate responses to threats, and maintain a robust defense against phishing, ransomware, and malicious network communications.
Threat detection is what’s next in cybersecurity, and Cortex by Palo Alto Networks offers a comprehensive set of SOC capabilities within one autonomous platform. When paired with the DomainTools app, it adds a layer of context to drive even richer actionable intelligence, making it easier to proactively address common use cases in the modern SOC, such as phishing, ransomware, and malicious network activity, with more context throughout the threat lifecycle.
Getting Started
Transform threat intelligence into an operational powerhouse for your cybersecurity team with the DomainTools Cortex Integration. Download the DomainTools Iris App for Cortex and the DomainTools Indicator Feed for Cortex.

