SEATTLE, July 23, 2020 – DomainTools, the leader in domain name and DNS-based cyber threat intelligence, today announced the DomainTools App for Elastic, an app for the products of Elastic, the company behind Elasticsearch and the Elastic Stack. The app is an integration providing maximum value for DomainTools customers who are using the Elastic Stack within their Security Operations.
The DomainTools App for Elastic will integrate with the Elastic Stack, and customers utilizing Elastic solutions can leverage all functionalities readily out of the box. Maximizing value for DomainTools customers, the app enables core enrichment functionality. This provides a smooth user experience for analyzing our diverse dataset, creating a stable and scalable app architecture, and allowing ad hoc investigations of domains from within Elastic.
This new app gives customers a variety of features:
- Leverage the Threat Intelligence Dashboard for risk metrics to highlight malicious activity
- Look up domains from within Kibana, or utilize a customized UI to template our varied dataset from Iris
- Proactively monitor potentially malicious domains prior to misuse
- Configure LogSources and Indexes
- View configurations of Enrichment Settings in App UI
- Manage a list of allowlisted domains (up to 1k)
- …and more
“Elastic’s community and partner momentum enables our users to benefit from the innovative work our technology partners are developing,” said Craig Griffin, VP of Cloud and Technology Partners at Elastic. “DomainTools’ integration with Elastic Security will enable SOC teams to accelerate their security investigations and response with impactful intelligence datasets and visualizations, all within the Elastic UI.”
The DomainTools App for Elastic leverages ECS schema out-of-the-box. For all domains that are in our cache, the enrichment takes place while events are being indexed—providing actionable threat intel in real-time. The DomainTools App for Elastic is available directly from DomainTools to customers immediately.
DomainTools helps security analysts turn threat data into threat intelligence. We take indicators from your network, including domains and IPs, and connect them with nearly every active domain on the Internet. Those connections inform risk assessments, help profile attackers, guide online fraud investigations, and map cyber activity to attacker infrastructure. Fortune 1000 companies, global government agencies, and leading security solution vendors use the DomainTools platform as a critical ingredient in their threat investigation and mitigation work. Learn more about how to connect the dots on malicious activity at https://www.domaintools.com or follow us on Twitter: @domaintools.