Skip to main content


Domain name, DNS and Internet OSINT-based cyber threat intelligence and cybercrime forensics products and data

Together, DomainTools and Cortex XSOAR automate and orchestrate the incident response processes with essential domain profile, web crawl, SSL, and infrastructure dat delivered by the DomainTools Iris Investigate API. SOCs can create custom, automated workflows to trigger Indicator of Compromise (IoC) investigations, block threats based on connected infrastructure, and identify potentially malicious incidents befor weaponization.

With the DomainTools Classic App for Cortex XSOAR, the DomainTools Enterprise APIs are available not only for ad-hoc War-Room investigations on specific incidents, but also for automated actions.

  • Profile domains and receive reputation scores.
  • Find domains based off IP, Name Server, or whois using the reverseIP, reverseNS, and reverseWhois commands.
  • See whois data including parsed whois and whois history.

This app requires a DomainTools Enterprise Research API subscription. Please contact for a trial.




CertificationRead more
Supported ByPartner
CreatedNovember 25, 2020
Last ReleaseDecember 2, 2021

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.