DomainTools (Deprecated)
This integration is part of the DomainTools Enterprise (Deprecated) Pack.

## Deprecated

Use DomainTools Iris Pack instead.

Domain name, DNS and Internet OSINT-based cyber threat intelligence and cybercrime forensics products and data

## Configure DomainTools in Cortex

Parameter | Required |
---|---|
DomainTools API URL | True |
API Username | True |
API Key | True |
Trust any certificate (not secure) | False |
Use system proxy settings | False |

## Commands

You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

### domain

Retrieve domain information.

Notice: Submitting indicators using this command might make the indicator data publicly available. See the vendor’s documentation for more details.

#### Base Command

`domain`

#### Input

Argument Name | Description | Required |
---|---|---|
domain | Domain name to check reputation. | Required |
long | Whether to return the full response with detected URLs. | Optional |
sampleSize | The number of samples from each type (resolutions, detections, etc.) to display for long format. | Optional |
threshold | If the number of positive detected domains is greater than the threshold, the domain is considered malicious. | Optional |
wait | Wait time, in seconds, between tries if the API rate limit is reached. | Optional |
retries | Number of retries for API rate limit. | Optional |

#### Context Output

Path | Type | Description |
---|---|---|
Domain.Name | unknown | The tested domain |
Domain.RiskScore | unknown | The reputation returned from DomainTools |
Domain.Malicious.Vendor | unknown | For malicious domains, the vendor that made the decision |
DBotScore.Indicator | unknown | The indicator that was tested. |
DBotScore.Type | unknown | The indicator type. |
DBotScore.Vendor | unknown | The vendor used to calculate the score. |
DBotScore.Score | unknown | The actual score. |

#### Command Example

#### Human Readable Output

### reverseIP

Reverse lookup of an IP address.

#### Base Command

`reverseIP`

#### Input

Argument Name | Description | Required |
---|---|---|
ip | (default) Specify the IP address. | Optional |
domain | If you provide a domain name, DomainTools will respond with the list of other domains that share the same IP. | Optional |
limit | Limits the size of the domain list that can appear in a response. The limit is applied per-IP address, not for the entire request. | Optional |

#### Context Output

Path | Type | Description |
---|---|---|
Domain.Name | unknown | Domain name |
Domain.DNS.Address | unknown | IP address |

#### Command Example

#### Human Readable Output

### reverseWhois

Reverse lookup of whois information.

#### Base Command

`reverseWhois`

#### Input

Argument Name | Description | Required |
---|---|---|
terms | (mandatory and default) List of one or more terms to search for in the Whois record, separated with the pipe character ( \| ). | Required |
exclude | Domain names with Whois records that match these terms will be excluded from the result set. Separate multiple terms with the pipe character ( \| ). | Optional |
onlyHistoricScope | Show only historic records. Possible values are: true, false. Default is false. | Optional |
quoteMode | Only lists the size and retail price of the query if you have per-domain pricing access. purchase: includes the complete list of domain names that match the query. Default is purchase. | Optional |

#### Context Output

Path | Type | Description |
---|---|---|
Domain.Name | unknown | Name of domain |

#### Command Example

#### Human Readable Output

### whoisHistory

Display a history of whois for a given domain.

#### Base Command

`whoisHistory`

#### Input

Argument Name | Description | Required |
---|---|---|
domain | Specify domain e.g. mycompany.com. | Required |

#### Context Output

Path | Type | Description |
---|---|---|
Domain.Name | unknown | Name of domain |
Domain.WhoisHistory | unknown | Domain Whois history data |