When you add world-class passive DNS and domain registration data to one of the leading SIEM platforms, a lot of powerful incident response (IR) and hunting use cases are unlocked. The DomainTools® App for Microsoft Sentinel allows customers to rapidly enrich domains with Domain Risk Score, domain age, Whois, IPs, active and passive DNS provided by Farsight’s DNSDB®, and other connected infrastructure data to surface evidence of malicious activity.

Enable alerting or quick-look analysis of domain- or IP-related events
Enrich up to 6,000 domains/minute with DomainTools intelligence using bulk lookups against the Iris Enrich interface

Explore connected infrastructure to assess risk, find hidden threats, and enable detections
The Iris Investigate playbooks present Risk Score, Whois, SSL, and hosting infrastructure, along with highlighted guided pivots and connected-domain counts on pivotable fields

Perform lookups of DNS infrastructure against Domain and IP indicators
The integration with Farsight’s DNSDB includes several actions and 4 reference playbooks to allow you to leverage Farsight passive DNS data in your investigations