
DomainTools Iris Investigate

This app supports investigative actions to profile domain names, get risk scores, and find connected domains that share the same Whois details, web hosting profiles, SSL certificates, and more on DomainTools Iris Investigate.


Compatibility
Not Available
Platform Version: 6.4, 6.3

Supported Actions

  • test connectivity: Validate the asset configuration for connectivity
  • domain reputation: Evaluates the risk of a given domain
  • pivot action: Find domains connected by any supported Iris Investigate search parameter
  • reverse domain: Extract IPs from a single domain response for further pivoting
  • reverse ip: Find domains with web hosting IP, NS IP or MX IP
  • load hash: Load or monitor Iris Investigate search results by Iris Investigate export hash
  • reverse email: Find domains with email in Whois, DNS SOA or SSL certificate
  • lookup domain: Get all Iris Investigate data for a domain using the Iris Investigate API endpoint (required)
  • enrich domain: Get all Iris Investigate data for a domain except counts using the high volume Iris Enrich API endpoint (if provisioned)
  • configure scheduled playbooks: Run on initial setup to configure the optional monitoring playbooks. This action creates a custom list to manage the playbook scheduling and run status
  • on poll: Execute scheduled playbooks based on the interval (in minutes) set in the 'domaintools_scheduled_playbooks' custom list. Smaller intervals will result in more accurate schedules
  • nod feed: Apex-level domains (e.g. example.com but not www.example.com) observed for the first time by the DomainTools sensor network, and which are not present in our DNSDB historical database
  • nad feed: Apex-level domains (e.g. example.com but not www.example.com) DomainTools has newly observed in our DNS sensor network. This includes domains observed in DNS for the first time as well as domains observed in DNS again after not being observed for at least 10 days

Categories

Created By

SOAR Community

Type

connector

Downloads

1,459
