The DomainTools product team is constantly on the lookout for ways to make the Iris experience smoother, more efficient, and more pleasing. To that end, we have released a set of small enhancements that we believe you’ll like—just in time to ferret out those shopping-bargain scams or business email compromise spearphishes.
- URL Structure Changes: We made some changes to the structure of the URLs of Iris searches, the biggest impact of which is that your browser’s “back” and “forward” buttons work in a more intuitive way when you’re using Iris. If you’ve done some pivots, and hit the “back” button, you will now be taken to the previous query, rather than to the Iris home page.
- Investigation hash import preview: Iris’s Export function generates a blob of text which, when imported, takes the user to the same query that was exported. This can be a handy way to show a given query to another Iris user who is not in your group (or even, potentially, your organization). Now, when you import the blob of text, you’ll be shown a preview of the search you’re about to run:
- Type-ahead in Advanced: When you use the filter selections in Advanced, sometimes the one you want is way down the list (think TLD or Risk Score, both way down the alphabet). Now, if you want to jump right to the item, you can begin typing it and Iris will take you right to the filter you want:
- Drag and Drop query building/modification: This is another enhancement in Advanced: you can rearrange AND or OR queries in Advanced by dragging the filters up or down (this has been possible all along, but it’s more obvious in the UI now). Perhaps even cooler, you can drag “pivotable” objects, such as email addresses, IP addresses, or SSL hashes, from Pivot Engine, Domain Profile, or Stats straight to the Advanced pane, to create a new condition for the query: You can also drag objects up to the green filters bar at the top of the screen, which is handy if you don’t have Advanced open already.
- Downloads and Pivot Engine pagination: If you have a results set of more than 500 domains, the Pivot Engine is paginated (500 rows per page). It is now possible to get each page’s contents in the .csv or STIX download. For example, if your results set had 1500 domains, you would download the first 500 by clicking the Download button from the first page of the Pivot Engine. You would then go to the next page and download the next 500, etc. Previously, the downloads were limited to the first 500 results.