SIEM

Elastic (ELK) Stack

Maximize Your SecOps

The DomainTools® App for Elastic delivers the most value to customers who use Elastic within their SecOps. Elastic customers running the ELK stack can use all of the app's functionality out of the box.

The DomainTools app focuses on enabling core enrichment functionality along with a purpose-built user interface that will help analyze our diverse dataset—giving you deep visibility of your network events. Gain all this while creating a stable and scalable app architecture that can grow with your adoption.


Gain Visibility of Network Events

DomainTools App for Elastic

  • Enables core enrichment functionality
  • Provides a smooth user experience through our diverse dataset
  • Creates a stable and scalable app architecture
  • Allows ad hoc investigations of domains from within Elastic

Capabilities

  • Leverage the Threat Intelligence Dashboard for risk metrics to highlight malicious activity
  • Look up domains from within Kibana, or use a customized UI to template our varied dataset from Iris
  • Proactively monitor potentially malicious domains prior to misuse
  • Configure LogSources and Indexes
  • View configurations of Enrichment Settings in App UI
  • Manage an allow list of up to 1,000 domains

Event Enrichment

The DomainTools App for Elastic leverages ECS schema out of the box. For all domains that are in our cache, the enrichment takes place while events are being indexed—providing actionable threat intel in real-time!

DomainTools enrichment data is added inline to the events as an ECS object; therefore, all Elastic functionalities (including SIEM) can leverage the data downstream.
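To make the "inline ECS object" idea concrete, here is an added illustration (not the DomainTools app's code, whose field names and cache format this page does not publish). It assumes a constructed in-memory domain cache, an assumed enrichment object named `domaintools` with a `risk_score` field, and the page's allow-list behaviour (allow-listed domains are skipped, cap of 1,000 entries). It extracts the domain from the real ECS fields `dns.question.name` or `url.domain`, attaches the enrichment at index time only for cached domains, and then shows a downstream consumer (a simple risk-threshold rule) using the inline data without any further lookups.

```python
import copy

# Constructed stand-in for the app's domain cache. The real DomainTools
# attributes and risk values are not given on this page; these are assumptions.
DOMAIN_CACHE = {
    "known-good.example": {"risk_score": 4, "first_seen": "2015-03-01"},
    "suspicious.example": {"risk_score": 91, "first_seen": "2024-11-20"},
}

MAX_ALLOW_LIST = 1000  # the page states an allow list of up to 1,000 domains


def extract_domain(event):
    """Return the domain an ECS event refers to, or None.

    Looks at the standard ECS fields dns.question.name and url.domain.
    """
    name = event.get("dns", {}).get("question", {}).get("name")
    if name:
        return name.lower().rstrip(".")
    url_domain = event.get("url", {}).get("domain")
    if url_domain:
        return url_domain.lower().rstrip(".")
    return None


def enrich_event(event, cache=DOMAIN_CACHE, allow_list=frozenset()):
    """Return a copy of the event with an inline enrichment object.

    - Domains on the allow list are never enriched.
    - Domains not in the cache are left untouched (no network call at
      index time), matching the page's "for all domains that are in our
      cache" description.
    - The object name "domaintools" is an assumption for this example.
    """
    if len(allow_list) > MAX_ALLOW_LIST:
        raise ValueError("allow list exceeds %d domains" % MAX_ALLOW_LIST)
    enriched = copy.deepcopy(event)
    domain = extract_domain(event)
    if domain and domain not in allow_list and domain in cache:
        enriched["domaintools"] = dict(cache[domain])
    return enriched


def enrich_batch(events, cache=DOMAIN_CACHE, allow_list=frozenset()):
    """Enrich a batch of events the way an indexing pipeline would."""
    return [enrich_event(e, cache, allow_list) for e in events]


def high_risk_events(events, threshold=70):
    """Downstream consumer: a threshold rule over the inline enrichment.

    Because the data sits on the event itself, a SIEM rule, a Kibana
    visualization, or an alert can filter on it directly.
    """
    return [
        e for e in events
        if e.get("domaintools", {}).get("risk_score", 0) >= threshold
    ]


# Constructed sample events in ECS layout.
SAMPLE_EVENTS = [
    {"event": {"category": "network"},
     "dns": {"question": {"name": "Known-Good.example."}}},
    {"event": {"category": "web"},
     "url": {"domain": "suspicious.example"}},
    {"event": {"category": "network"},
     "dns": {"question": {"name": "never-seen.example"}}},
]


def run_demo():
    """Enrich the constructed sample and return the flagged events."""
    enriched = enrich_batch(SAMPLE_EVENTS)
    return high_risk_events(enriched)


if __name__ == "__main__":
    for e in run_demo():
        print("high risk:", extract_domain(e), e["domaintools"])
```

The allow list is modelled as a `frozenset` so membership tests stay constant-time at the 1,000-domain cap, and uncached domains deliberately produce no `domaintools` object rather than a placeholder, so downstream rules can distinguish "not assessed" from "assessed as low risk".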
