Today, we are excited to announce the DomainTools App for Elastic. DomainTools customers rely on our domain name and DNS intelligence to triage and analyze events within SIEM platforms. And now, DomainTools users of Elastic can supercharge SecOps through our DomainTools App for Elastic.
This app delivers maximum value for our customers who are utilizing Elastic within their SecOps. Furthermore, Elastic customers working in the ELK stack can leverage all functionalities readily out of the box.
Enable Core Enrichment Functionality
For customers leveraging ELK components, the DomainTools App will integrate with the Elastic Stack, allowing out-of-the-box functionality. With this app, customers using Elastic Stack will gain maximum value through enabling core enrichment functionality, providing a smooth user experience through the diverse dataset, all while creating a stable and scalable app architecture that can grow with your adoption.
With this app, organizations can:
- Leverage the Threat Intelligence Dashboard for risk metrics to highlight malicious activity
- Look up domains from within Kibana, or utilize a customized UI to template our varied dataset from Iris
- Proactively monitor potentially malicious domains prior to misuse
- Configure LogSources and Indexes
- View configurations of Enrichment Settings in App UI
- Manage a list of whitelisted domains (up to 1k)
- …and more
The DomainTools App for Elastic leverages ECS schema out of the box. For all domains that are in our cache, the enrichment takes place while events are being indexed—providing actionable threat intel in real-time. DomainTools enrichment data is added inline to the events as an ECS object; therefore, all Elastic functionalities (including SIEM) can leverage the data downstream.
Available for Download Now
The DomainTools App for Elastic is available to customers immediately, directly from DomainTools.
To learn more about Elastic and the new DomainTools app, visit the integration overview page.