Skip to main content

DomainTools Check Domain Risk Score By Iris Tags

This Playbook is part of the DomainTools Iris Investigate Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.6.0 and later.

DomainTools Check Domain Risk Score By Tags Playbook#

This playbook call iris ivestigate api with a given "tag". Check active domains with high risk score then alerts user and outputs all high risk domains in the current incident indicators.


This playbook uses the following sub-playbooks, integrations, lists and scripts.


This playbook does not use any sub-playbooks.


  • DomainTools Iris


Please install this scripts by DomainTools first before running the playbook.

  • SetIndicatorTableData


  • domaintoolsiris-pivot

Playbook Inputs#

NameDescriptionDefault ValueSourceRequired
dt_min_riskscore_thresholdThe minimum risk score threshold value to check.NoneNoneRequired
dt_monitored_iris_tagsThe Iris tags to lookup. Values should be a comma separated value. e.g. (tag1,tag2)NoneNoneRequired
should_wait_for_analyst_reviewFlags if users should wait for an analyst to review. Default is false. Value can be either true/false only.falseNoneRequired

Playbook Outputs#

This playbook outputs a high risk score domain as an indicator.