Integration Spotlight: DomainTools

Product Overview

Domain names factor into almost every variant of cyberattacks, and yet analysts must frequently consult multiple disparate resources to build a complete risk assessment. Instead, the DomainTools Iris Investigate API delivers a comprehensive domain profile directly to the Recorded Future Domain Intelligence Card, enabling rapid alert triage and response.

Challenges Overcome Through Integration

Domain names factor into almost every variant of cyberattacks, and yet analysts must frequently consult multiple disparate resources to build a complete risk assessment. Instead, the DomainTools Iris Investigate API delivers a comprehensive domain profile directly to the Recorded Future Domain Intelligence Card, enabling rapid alert triage and response.

Integration Description

The DomainTools solution for Recorded Future gives analysts immediate, in-context access to the unparalleled DomainTools Iris dataset. In the Recorded Future Domain Intelligence Card, DomainTools presents domain data in a carefully designed, expandable manner allowing information groups be easily navigated. 

Essential risk factors including domain age and registration status appear at the very top of Iris results to enable rapid threat assessments, including the Domain Risk Score. Domain Risk Score predicts how likely a domain is to be malicious, often before it is weaponized. This can close the window of vulnerability between the time a malicious domain is registered, and when it is observed and reported causing harm. The Domain Risk Score algorithms analyze a domain’s association to known-bad infrastructure, as well as intrinsic properties of the domain that closely resemble those of known phishing, malware, and spam domains. Data shown on the intel card includes the classifiers and evidence behind the score to better inform analyst actions.

Finally, analysts can continue their domain name research directly in the DomainTools Iris platform with a link that preserves their context and starts an Iris Investigation with the domain they were researching in Recorded Future.

Twitter:  @DomainTools

Website: www.domaintools.com