DomainTools Check Domain Risk Score By Iris Tags
DomainTools Iris Investigate Pack.#
This Playbook is part of theSupported versions
Supported Cortex XSOAR versions: 6.6.0 and later.
#
DomainTools Check Domain Risk Score By Tags PlaybookThis playbook call iris ivestigate api with a given "tag". Check active domains with high risk score then alerts user and outputs all high risk domains in the current incident indicators.
#
DependenciesThis playbook uses the following sub-playbooks, integrations, lists and scripts.
#
Sub-playbooksThis playbook does not use any sub-playbooks.
#
Integrations- DomainTools Iris
#
ScriptsPlease install this scripts by DomainTools first before running the playbook.
SetIndicatorTableData
#
Commands- domaintoolsiris-pivot
#
Playbook InputsName | Description | Default Value | Source | Required |
---|---|---|---|---|
dt_min_riskscore_threshold | The minimum risk score threshold value to check. | None | None | Required |
dt_monitored_iris_tags | The Iris tags to lookup. Values should be a comma separated value. e.g. (tag1,tag2) | None | None | Required |
should_wait_for_analyst_review | Flags if users should wait for an analyst to review. Default is false. Value can be either true/false only. | false | None | Required |
#
Playbook OutputsThis playbook outputs a high risk score domain as an indicator.