IBM QRadar

Boost Situational Awareness Around Key Events

The DomainTools® App for IBM QRadar gives analysts fast, in-context access to key information about domains, IP addresses, and SSL hashes that appear in events within Offenses.

Triage events, gain situational awareness around adversary infrastructure, and launch DomainTools Iris Investigate® for deeper investigations. Pinpoint high-risk or recently registered domains that may represent threats.

Infrastructure Intelligence Within QRadar

Domain Details at a Glance

When domains appear within an Offense in QRadar, the DomainTools app provides information that analysts rely on, including:

  • Predictive Domain Risk Scores
  • Registration details from Whois and DNS SOA records
  • IP address, name server, and MX records
  • SSL/TLS certificate hashes

Need to go deeper? Launch an investigation in DomainTools Iris.

Download From IBM APP Exchange

If you are a current DomainTools customer, please contact your Account Manager before downloading the DomainTools QRadar App. We want to ensure that you have the proper inputs to make the application work to your advantage.

Details on Potentially Risky Infrastructure

IP addresses within Offenses have on-demand enrichment available, including:

  • Ability to pivot on the IP, seeing what domains are associated with it
  • Ability to launch an investigation of the IP in DomainTools Iris

Pivot Investigations on SSL/TLS Hashes

Increasingly, analysts and threat hunters are relying on SSL/TLS hashes to uncover insights on adversary assets. SSL/TLS hashes within Offenses have on-demand enrichment available, including the ability to:

  • Pivot on the hash, seeing what domains are associated with it
  • Launch an investigation of domains connected to the certificate in DomainTools Iris
