
DomainTools App for Splunk Gives Security Teams Enhanced Domain Threat Intelligence for Detecting, Investigating and Predicting Cyber Attacks

SEATTLE – October 10, 2019 – DomainTools, the leader in domain name and DNS-based cyber threat intelligence, today announced significant enhancements to its app for Splunk to help customers more quickly and precisely hunt threats, investigate incidents and predict malicious cyber activity with profiles and risk scores for every domain name. The app is available for download on Splunkbase:

The DomainTools App for Splunk® Enterprise will be demonstrated at Splunk .conf19 in Las Vegas, October 21-24. With the updates, Splunk users can now:

  • Enrich Domains with Tagging: reducing Mean-Time-to-Respond (MTTR) and automating Incident Response (IR)
  • Bring in Comprehensive Domain Monitoring: including newly registered domains for discovering phishing attacks
  • Browse and Search Enrichment Datasets: conveniently inside Splunk to support IR and investigations
  • Centralize Dashboarding of Splunk Enterprise Security (ES) components: for improved visibility and operational efficiency

“Domain deception techniques are driving the majority of today’s cyberattacks, and more than 90 percent of them start with a spear phishing email. With the influx of security events per second rising, organizations need the ability to execute high query volumes with increased response times. The DomainTools Iris Enrich API and PhishEye API for Splunk allow customers to rapidly enrich domains with tagging, domain risk score, Whois, IP, active DNS, website & SSL data to surface evidence of malicious activity,” said Corin Imai, senior security advisor, DomainTools.

“Domain intelligence can provide critical data to help power an effective SOC,” said Aziz Benmalek, Vice President, Worldwide Partners, Splunk. “Splunk’s mission is to bring data to everything. Every question, every decision and every action – especially from a security standpoint. The DomainTools App for Splunk will help bring high-quality domain intelligence to SOC teams and across the organization.”

The DomainTools App for Splunk provides direct access within Splunk to DomainTools’ industry-leading threat intelligence data on domain names, the individuals who control them, and the infrastructure that supports them. DomainTools has the breadth and quality of data, the nuanced cybersecurity understanding, and machine learning expertise to create and validate algorithms that power Domain Risk Scores to predict malicious domains before they are weaponized.

Download the DomainTools App for Splunk v3.4 now on Splunkbase:

About DomainTools

DomainTools helps security analysts turn threat data into threat intelligence. We take indicators from your network, including domains and IPs, and connect them with nearly every active domain on the Internet. Those connections inform risk assessments, help profile attackers, guide online fraud investigations, and map cyber activity to attacker infrastructure. Fortune 1000 companies, global government agencies, and leading security solution vendors use the DomainTools platform as a critical ingredient in their threat investigation and mitigation work. Learn more about how to connect the dots on malicious activity at or follow us on Twitter: @domaintools.

Media Contact Information:
Leslie Kesselring
Kesselring Communications for DomainTools
[email protected] or [email protected]