Skip to main content

DomainTools Check New Domains by Iris Hash

This Playbook is part of the DomainTools Iris Investigate Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.6.0 and later.

DomainTools Check New Domains by Iris Search Hash Playbook#

This playbook retrieves domain from a given search hash with built-in “first_seen” param. Outputs all new domains in the current incident indicators.


This playbook uses the following sub-playbooks, integrations, lists and scripts.


This playbook does not use any sub-playbooks.


  • DomainTools Iris


Please install this scripts by DomainTools first before running the playbook.

  • SetIndicatorTableData


  • domaintoolsiris-pivot


This playbook does not use any custom lists.

Playbook Inputs#

NameDescriptionDefault ValueSourceRequired
iris_search_hashThe Iris Investigate search hash to pivot.NoneIris Investigate Searh HashRequired
should_wait_for_analyst_reviewFlags if users should wait for an analyst to review. Default is false. Value can be either true/false only.falseNoneRequired

Playbook Outputs#

This playbook outputs a new domain indicator based on the iris search hash result.