
Anomali

DNS-Based Cyber Threat Detection and Response

The DomainTools® Iris® App for Anomali delivers a subset of DomainTools Iris data, together with pivot capability and domain risk score, directly to the analyst inside the Anomali Security Operations Platform. This integration enables rapid in-context assessments of domain name observables and discovery of connected domains that share the same IP, hostname, or SSL certificate hash.


Context Enrichment for Domains

Domain name observables offer a “DomainTools Iris” tab in the set of context enrichment options that provides:

  • Domain Risk Score with supporting evidence and component scores from machine learning classifiers and proximity-based risk algorithms.
  • Domain profile attributes from the DomainTools Iris dataset, including identity, infrastructure, web crawl and SSL details.
  • Guided Pivot counts for each attribute to identify dedicated infrastructure, novel identities, and potential research pathways.
  • Outbound link to DomainTools Iris to perform deeper analysis, with the domain name context preserved in the link to streamline the investigation process.

Pivot Enrichment

The DomainTools Iris App for Anomali provides a pivot-based enrichment that operates on observables in the “Explore” feature of Anomali ThreatStream. Supported data types offer a “DomainTools Iris” option in the right-click context menu, which returns a subset of the Iris data as nodes on the pivot chart. These nodes enable further pivots.

Context Enrichment for IPs, Emails, and SSL Certificate Hashes

IP address, email, and SSL certificate hash observables offer a “DomainTools Iris” tab in the set of available context options. The tab lists the connected domain names that share the same observable value, with insights into their risk scores and age:

  • List of connected domain names sourced from the Iris Investigate API.
  • Domain Risk Score distribution across the list of connected domains.
  • Domain age distribution across the list of connected domains.

Identify, Prioritize, and Respond to Threats

Context-based enrichment for domain names, IP addresses, hostnames, and SSL certificate hashes.
