MISP

Uncover Threat Actor Infrastructure

The DomainTools® MISP module helps Threat Intelligence teams and Security Analysts uncover actor infrastructure and profile threats by leveraging DomainTools APIs. Utilizing both the hover and expansion capabilities of MISP, analysts receive additional context on indicators. This allows them to map connected infrastructure and surface historical domain information to better assess risk.

DomainTools Iris Modules for MISP

• Gain context on domain names in MISP events with registration, infrastructure and SSL attributes
• Imports newly discovered and/or newly changed domains from DomainTools Iris Detect
• See essential domain attributes, including Risk Score with component classifiers and potential pivots, directly in MISP popups on domain attributes
• Pinpoint dedicated hosting, SSL certificate re-use, boutique hosting and shared identities with Guided Pivot counts in attribute comments
• Quickly identity opportunities to map connected infrastructure with Guided Pivot tags in the MISP event attribute list

Visit GitHub Repository

‍

Domain Risk Score

Optimized for MISP hover actions, the Analyze capability provides Whois data, a Domain Risk Score and counts of connected domains to help give quick context on an indicator to inform an interesting pivot and map connected infrastructure.

‍

Domain Discovery

The Historic capability will act on Domains or URLs to find historical context by expanding domain names to lists of registrars, IPs and emails historically connected with that indicator.

‍

Guided Pivots

Optimized for enrichment actions, the Pivot capability provides additional context on indicators by automatically building out a list of connected infrastructure from the counts presented in the Analyze capability.