The DomainTools® App within Splunk SOAR enables you to block domain names based on Domain Risk Score, identify malicious connected infrastructure, and pivot within playbooks.
Precisely Target Alerts and Hunt Threats Across Your Enterprise
Enhance Your Playbooks
Use Domain Risk Score to predict how likely a domain is to be malicious and take automated actions informed by the severity and classification of the threat
Leverage domain name and IP address Whois lookups in ad-hoc actions on events
Make automated decisions in playbooks to enrich a Splunk event with connected domains and even block them proactively
Add domain name profiles, ownership history and hosting history automatically in any Splunk playbook
Discover how many domains share an identity, a name server, or a hosting IP
Find recently registered domains that match a keyword
Automate Your Playbooks
Speed incident handling by ensuring analysts have everything they need to triage an event
Avoid context switching and preserve important artifacts in an event context
Efficiently execute the best analyst workflows with no manual intervention
Take targeted action on risky domains informed by machine learning classifiers
The Splunk SOAR platform is designed to help customers dramatically scale their security operations. With Splunk, you can automate tasks, orchestrate workflows, and support a broad range of SOC functions including event and case management, collaboration, and reporting.