Powered by the largest real-time historical Domain & DNS infrastructure database customers can gain access to contextualized and operationalized threat intelligence
Seattle, June 6, 2024 – DomainTools, the leader in domain and DNS-based cyber threat intelligence, today announced enhancements to the DomainTools App for Splunk, Splunk Enterprise Security, and Splunk SOAR. Now, customers have access to contextualized and operationalized intelligence so they can effectively detect, investigate, and respond to the cybersecurity concerns of their business.
DomainTools integrates with Splunk to provide domain and DNS infrastructure intelligence, giving SOCs and IR teams the context needed to close gaps by connecting malicious activity observed on the network to nearly every domain on the internet.
The DomainTools App for Splunk Enterprise Security and Splunk SOAR will be demonstrated at Splunk .conf24 in Las Vegas, June 11-14. With these enhancements, all Splunk and DomainTools customers have access to:
- Predictive Risk Scoring: Gain access to pre-weaponized domains that are analyzed against the largest real-time historical Domain and DNS infrastructure database.
- Domain Monitoring: Discover and monitor newly registered domains associated with any term for appending block/allow lists.
- Guided Pivots: Build an “auto pivot” playbook that replicates typical analyst actions to proactively block connected infrastructure with precision.
- Historical Whois: Enhanced investigations with access to the largest historical domain ownership database for identification of potential risks associated with ownership changes.
“Having access to the contextual factors that encase security events is vital to any organization. Only then can an organization truly proactively mitigate risk. The DomainTools suite of products allows customers to enrich domains in real-time with tagging, domain risk score, historical Whois, IP, passive DNS, website, and SSL data to empower active detection and investigation,” said Anthony Johnson, Principal Product Manager, DomainTools.
The DomainTools Apps for Splunk, Splunk Enterprise Security, and Splunk SOAR provide direct access within Splunk to DomainTools industry-leading threat intelligence data on domain names, those who control them, and the infrastructure that supports them.
Download the DomainTools App for Splunk SOAR v1.5.1 now on Splunkbase: https://splunkbase.splunk.com/app/6010.
The DomainTools App for Splunk and Splunk Enterprise Security v5.0 will be available later this month on Splunkbase, for a demonstration visit the DomainTools booth #501 at Splunk .conf next week!
About DomainTools
DomainTools is the global leader for Internet intelligence and the first place security practitioners go when they need to know. The world’s most advanced security teams use our solutions to identify external risks, investigate threats, and proactively protect their organizations in a constantly evolving threat landscape. Learn more about how to connect the dots on malicious activity at http://www.domaintools.com or follow us on X and Mastodon: @domaintools.