The DomainTools® Iris™ App for Anomali delivers a subset of DomainTools Iris data, together with pivot capability and domain risk score, directly to the analyst inside the Anomali Security Operations Platform. This integration enables rapid in-context assessments of domain name observables and discovery of connected domains that share the same IP, hostname, or SSL certificate hash.
Enrichment Powered by the DomainTools Iris Investigate API
Context Enrichment for Domains
Domain name observables offer a “DomainTools Iris” tab in the set of context enrichment options that provides:
Domain Risk Score with supporting evidence and component scores from machine learning classifiers and proximity-based risk algorithms.
Domain profile attributes from the DomainTools Iris dataset, including identity, infrastructure, web crawl and SSL details.
Guided Pivot counts for each attribute to identify dedicated infrastructure, novel identities, and potential research pathways.
Outbound link to DomainTools Iris to perform deeper analysis, with the domain name context preserved in the link to streamline the investigation process.
Pivot Enrichment
The DomainTools Iris App for Anomali provides a pivot-based enrichment that operates on observables in the “Explore” feature of Anomali ThreatStream. Supported data types offer a “DomainTools Iris” option in the right-click context menu and return a subset of the Iris data as nodes on the pivot chart. These nodes enable further pivots.
Context Enrichment for IPs, Emails, and SSL Certificate Hashes
IP addresses, emails and SSL certificate hashes offer a “DomainTools Iris” tab in the set of available context options. The tab provides the list of connected domain names that share the same observable value, with insights into their risk scores and age:
List of connected domain names sourced from the Iris Investigate API.
Domain Risk Score distribution across the list of connected domains.
Domain age distribution across the list of connected domains.
Identify, Prioritize, and Respond to Threats
Context-based enrichment for domain names, IP addresses, hostnames, and SSL certificate hashes.
Anomali helps organizations find and respond to cyber threats. That’s our mission. We bring to your security team the one thing that’s been missing – external context. With Anomali you can now identify suspicious or malicious traffic before it even reaches your network. We turn threat intelligence into your cyber no-fly list, and seamlessly integrate this with your internal security and IT systems.