DomainTools feeds domain intelligence, real-time threat feeds, and predictive risk scoring directly into your Cortex XSIAM environment so your team can detect and respond to threats automatically.
Security analysts are forced into workflows that are manual, repetitive, and require constant attentiveness. One detail overlooked can lead to serious consequences. When domain intelligence is disconnected from your detection platform, context arrives too late to matter.
Purpose-built for detection and automation teams running Cortex XSIAM.
Domain intelligence is automatically applied to incoming alerts and automated workflows. No manual lookups, no delayed context.
Newly observed and active domains stream directly into your XSIAM environment, giving your team visibility into threats at the earliest stage of the domain lifecycle.
Automatically block threats based on connected infrastructure before they can be weaponized, reducing response time across your SOC.
Install from the Cortex Marketplace: Navigate to the Cortex Marketplace and select the Cortex XSIAM platform. Download the DomainTools Iris Investigate pack with dependencies and install it in your Cortex XSIAM instance.
Configure in minutes: Navigate to Settings and Integrations. Search for DomainTools Iris and add a new instance. Enter your API username and key and test the connection to verify credentials.
Enrich automatically: Domain intelligence is applied automatically to incoming alerts and automated workflows as they are generated. No analyst input required for enrichment to take place.
Block and escalate: Automatically block threats based on connected infrastructure. Domain tags set in Iris Investigate trigger alert escalation without manual input.
Full domain intelligence and automated threat detection, available directly within Cortex XSIAM.
Domain intelligence is automatically applied to incoming alerts and automated workflows as they are generated, without requiring analyst input.
NOD, NAD, NOH, Domain Hotlist, Domain Risk, and Parsed RDAP stream directly into your XSIAM environment, covering the full domain lifecycle from first observation to risk.
ML classifiers score domains for phishing, malware, spam, and proximity to malicious infrastructure, often within seconds of creation and months before blocklist appearance.
Tag domains in Iris Investigate and have them automatically monitored in XSIAM. Tagged identifiers trigger automatic alert escalation.
Create custom automated workflows to trigger IoC investigations and block threats based on connected infrastructure before weaponization occurs.
Access full domain intelligence including IP addresses, nameservers, mail servers, web servers, SSL certificate details, email addresses from DNS SOA records, Whois and RDAP data, and historical DNS and IP data to enrich any alert or workflow.
DomainTools real-time feeds cover every stage of the domain lifecycle. Each feed is configured independently within the Cortex XSIAM integration.
NOD: Surfaces domains we observe for the first time, giving your team visibility before they can be weaponized.
NAD: Surfaces apex-level domains seen for the first time or after ten or more days of inactivity.
NOH: Surfaces hostnames observed for the first time, expanding coverage beyond apex-level domains.
Domain Hotlist: Identifies currently operational apex-level domains with high risk scores that have shown activity within the last 24 hours. Each entry expires after 24 hours, making it a focused feed for building high-confidence block lists.
Domain Risk: A continuous real-time feed of all apex-level domains with a combined risk score of 70 or higher, regardless of recent activity. Broader than the Domain Hotlist, it provides comprehensive visibility into potentially dangerous infrastructure that may not be currently active but still poses a risk.
Parsed RDAP: Structured, real-time Registration Data Access Protocol (RDAP) data for domains in the feed.