Together, DomainTools and Cortex XSOAR automate and orchestrate incident response processes with essential domain profile, web crawl, SSL, and infrastructure data delivered by the DomainTools Iris Investigate API. SOCs can create custom, automated workflows to trigger Indicator of Compromise (IoC) investigations, block threats based on connected infrastructure, and identify potentially malicious incidents before weaponization.
With the DomainTools Iris App for Cortex XSOAR, the Iris dataset is available not only for ad-hoc War-Room investigations on specific incidents, but also for automated actions. Organizations will be able to fetch a complete Iris profile for a domain name, including:
- IP address and hostname details for the name servers, mail servers, and web servers powering the domain.
- SSL certificate details and tracking codes for the website hosted on the domain.
- Email addresses extracted from DNS SOA records.
- DomainTools Risk Score with components and evidence.
This app requires an Iris Investigate API key. Please contact firstname.lastname@example.org for a trial.
For more information, visit DomainTools Iris App for Cortex XSOAR.