
DomainTools Iris Investigate


Facilitates automation of key infrastructure characterization and hunting portions of the incident response process. Organizations will have access to essential domain profile, web crawl, SSL, and infrastructure data from within Cortex XSOAR. Requires a DomainTools Iris Investigate API key.

Together, DomainTools and Cortex XSOAR automate and orchestrate the incident response processes with essential domain profile, web crawl, SSL, and infrastructure data delivered by the DomainTools Iris Investigate API. SOCs can create custom, automated workflows to trigger Indicator of Compromise (IoC) investigations, block threats based on connected infrastructure, and identify potentially malicious incidents before weaponization.

With the DomainTools Iris App for Cortex XSOAR, the Iris dataset is available not only for ad-hoc War-Room investigations on specific incidents, but also for automated actions. Organizations will be able to fetch a complete Iris profile for a domain name including:

  • IP address and hostname details for the name servers, mail servers, and web servers powering the domain.
  • SSL certificate details and tracking codes for the website hosted on the domain.
  • Email addresses extracted from DNS SOA records.
  • DomainTools Risk Score with components and evidence.

This app requires an Iris Investigate API key. Please contact sales@domaintools.com for a trial.

For more information, visit DomainTools Iris App for Cortex XSOAR

PUBLISHER

DomainTools

PLATFORMS

Cortex XSOAR, Cortex XSIAM

INFO

Supported By: Partner
Created: July 20, 2020
Last Release: August 9, 2022

DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.