Skip to main content

Domain Enrichment - Generic v2

This Playbook is part of the Common Playbooks Pack.#

Enrich domains using one or more integrations. Domain enrichment includes:

  • Threat information
  • Domain reputation using !domain command

Dependencies#

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks#

This playbook does not use any sub-playbooks.

Integrations#

This playbook does not use any integrations.

Scripts#

This playbook does not use any scripts.

Commands#

  • umbrella-domain-categorization
  • domain

Playbook Inputs#


NameDescriptionDefault ValueRequired
DomainThe domain name to enrich.Domain.NameOptional
UseReputationCommandDefine if you would like to use the !url command.
Note: This input should be used whenever there is no auto-extract enabled in the investigation flow.
Possible values: True / False.
FalseRequired

Playbook Outputs#


PathDescriptionType
DomainThe domain objects.unknown
DBotScoreIndicator, Score, Type, and Vendor.unknown
Domain.NameBad domain found.unknown
Domain.Malicious.VendorFor malicious domains, the vendor that made the decision.unknown
DBotScore.IndicatorThe indicator that was tested.unknown
DBotScore.TypeThe indicator type.unknown
DBotScore.ScoreThe actual DBot score.unknown
DBotScore.ReliabilityReliability of the source providing the intelligence data.unknown

Playbook Image#


Domain Enrichment - Generic v2