From Theory to Application: Introducing DomainTools Recipes
DomainTools offers a variety of ways to detect, enrich, and investigate domains and IP addresses that may pose a threat to your organization. But what happens when the detection, enrichment, and investigation are done? Great threat intelligence data can serve many functions in reports, other SOC tools, security controls, ISACs and similar sharing organizations, and more.
Many security teams obtain access to DomainTools data and run with it, plugging it into their environment as needed; but what works for one organization might not work for others. To help bridge that gap, DomainTools is introducing a series of what we call “recipes,” which are scripts, playbooks, and other ways to directly plug the intelligence you develop with DomainTools into other parts of your security ecosystem. Our objective is to deliver a set of recipes that enable specific capabilities that many practitioners have found valuable.
In this live demonstration, Tim Helming and Taylor Wilkes-Pierce of DomainTools will share:
- How to take DomainTools data and apply it directly and efficiently in a variety of blocking, alerting, or forensic contexts
- What a DomainTools “recipe” consists of (including Slack integrations, threat-specific Iris queries, and more)
- Demonstration of recipes in action
- How to access the recipes to put them to use in your environment