DomainTools 101: The Art of Tracking Threat Actors

DomainTools Guide to Threat Hunting with Splunk and Phantom

According to the SANS 2018 Threat Hunting Survey Results, 75% of IT professionals said their organizations have reduced their attack surface as a result of more aggressive threat hunting, while 59% credited the approach with enhancing incident response speed and accuracy.

DomainTools Iris can help you bring these outcomes to your security practice, especially when you leverage the Iris dataset to enrich your logs in Splunk and execute incident response playbooks in Phantom.

With the enhancements to our Splunk Technology Add-on, we’ve enabled security teams to take indicators from their network, including domains and IPs, and connect them with the comprehensive DomainTools Iris dataset. Those connections inform risk assessments, profile attackers, guide online fraud investigations, and map cyber activity to attacker infrastructure.

Orchestration and automation are vital to scaling those activities, which is why teams have leveraged DomainTools in Phantom almost since it was launched. Now, we’re extending those capabilities with the Iris Investigate API to enable guided pivots and smarter blocking decisions in your playbooks.

In this webinar, Mark Kendrick, Director of Product Integrations, will show how our customers leverage the rich Iris dataset with these products to gain better visibility and context into their network traffic, event enrichment at scale, and proactive risk scoring with selective targeting.

In this webinar, you will learn:

  • Where you can surface meaningful alerts to identify malicious intent
  • How to immediately access dozens of attributes attached to every domain event in Splunk
  • How batch processing helps scale enrichment to cover massive data sources
  • How to use Risk Score, Proximity and Threat Profile classifiers to manage alert fatigue
  • How to build playbooks in Phantom that replicate the smartest analyst workflows