Splunk SOAR

Empower Your Investigations

The DomainTools® App within Splunk SOAR enables you to block domain names based on Domain Risk Score, identify malicious connected infrastructure, and pivot within playbooks.

Precisely Target Alerts and Hunt Threats Across Your Enterprise

Enhance Your Playbooks

  • Use Domain Risk Score to predict how likely a domain is to be malicious and take automated actions informed by the severity and classification of the threat
  • Leverage domain name and IP address Whois lookups in ad-hoc actions on events
  • Make automated decisions in playbooks to enrich a Splunk event with connected domains and even block them proactively
  • Add domain name profiles, ownership history and hosting history automatically in any Splunk playbook
  • Discover how many domains share an identity, a name server, or a hosting IP
  • Find recently registered domains that match a keyword

Automate Your Playbooks

  • Speed incident handling by ensuring analysts have everything they need to triage an event
  • Avoid context switching and preserve important artifacts in an event context
  • Efficiently execute the best analyst workflows with no manual intervention
  • Take targeted action on risky domains informed by machine learning classifiers
