Microsoft Sentinel Integration

Enrichment, Hunting, and Alerting

When you add world-class passive DNS and domain registration data to one of the leading SIEM platforms, a lot of powerful incident response (IR) and hunting use cases are unlocked. The DomainTools® App for Microsoft Sentinel allows customers to rapidly enrich domains with Domain Risk Score, domain age, Whois, IPs, active and passive DNS provided by Farsight’s DNSDB, and other connected infrastructure data to surface evidence of malicious activity.

Precisely Target Alerts and Hunt Threats Across Your Enterprise

Iris Enrichment Playbooks

Enable alerting or quick-look analysis of domain- or IP-related events

Enrich up to 6,000 domains/minute with DomainTools intelligence using bulk lookups against the Iris Enrich interface
Iris Investigative Playbooks

Explore connected infrastructure to assess risk, find hidden threats, and enable detections

The Iris Investigate playbooks present Risk Score, Whois, SSL, and hosting infrastructure, along with highlighted guided pivots and connected-domain counts on pivotable fields
Farsight DNSDB Playbooks

Perform lookups of DNS infrastructure against Domain and IP indicators

The integration with Farsight’s DNSDB includes several actions and 4 reference playbooks to allow you to leverage Farsight passive DNS data in your investigations

Support and Learning

Webinar

Good Chemistry: The Integration Between DomainTools and Microsoft Sentinel

Learn More
Blog

The Perfect Pair: Integrating DomainTools Data Sets in Microsoft’s Sentinel SIEM Product

Learn More

About Microsoft Sentinel

Microsoft Sentinel is a scalable, cloud-native solution that provides:

Security information and event management (SIEM)

Security orchestration, automation, and response (SOAR)

Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise. With Microsoft Sentinel, you get a single solution for attack detection, threat visibility, proactive hunting, and threat response.