For Security Operations Centers (SOCs), Fraud Analysts and Solution Vendors that need to integrate DomainTools data into their existing workflows, we offer comprehensive and scalable APIs. The DomainTools APIs are used by customers and partners to put DomainTools data adjacent to their network through partner pass-through integrations to enable workflows in TIP, Orchestration and SIEM technologies. Additionally, the DomainTools APIs are REST based and come with pre-written Python wrappers making it easy to incorporate into your own internal tools as you see fit.
Domain-based threat intelligence is a natural complement to many security products.
Integrate into SIEM and detection tools to provide domain profile information in “one pane of glass.”
Scale your efforts by leveraging DomainTools data directly into your workflows.
Iris Detect API | Iris Enrich API | Iris Investigate API | |
---|---|---|---|
Rate Limit | 1/hour each New & Changed domains | 60/minute | 20/minute |
API Complexity | Multiple REST endpoints (New, Changed, Domain Triage calls) | Single REST Endpoint | Single REST Endpoint |
Optimization | Hourly freshness | Fast Response | Data Thoroughness |
Domain Profiles | Always included | Always included | Always included |
Pivot Counts | N/A | - | All fields |
Risk Score | Included, with evidence | Included | Included, with evidence |
Batch Processing | Up to 100 domains/call | Up to 100 domains/call | Up to 100 domains/call |
Pivots | N/A | - | One endpoint, most fields |
Query Allocation | Indpendent service levels | Independent service levels | Shared with Iris web app |
Packaging | Included with Detect | Sold Separately | Included with Iris |
Monitoring | N/A | Domains Only | With a query parameter |
A selection of documents and materials related to DomainTools industry topics.
In this video, we demonstrate how our data sets are presented in the Iris platform and some ideas on making d
DomainTools Iris Enrich enables workflows with rich context for quick triaging, automated investigations with domain and DNS data, and threat data enrichment to establish rule-driven actions.
Install the Domaintools Iris Integration for TheHive and Cortex.
The Cortex XSOAR Iris App brings contextual DNS intelligence from DomainTools Iris to Demisto.
Efficiently respond to events in real-time when collecting and aggregating domain intelligence and analytics, thus reducing the Mean Time To Respond (MTTR).
The DomainTools App for Elastic is an out-of-the-box solution that provides direct access to DomainTools' industry-leading threat intelligence data within Elastic.