ThreatConnect Marketplace
  • Apps
  • Playbooks
  • Apps
  • Playbooks
Home » Playbook Overview » DomainTools Iris Playbooks
Back to Apps

Categories:
  • Data Enrichment

DomainTools Iris Playbooks

The “DomainTools Iris – Auto-Pivot Host > Address > Hosts” Playbook begins with a User Action trigger on a Host indicator and auto-pivots on Reverse Whois where there are < X domains hosted by the IP Address. It is highly recommended that the $domaintools.auto_pivot.domain.limit variable be set to < 500, however, < 10 is a good place to begin if there isn’t currently an auto-pivot process in place. Once the auto-pivot takes place, the Playbook will add the IP and Host Indicators to the Incident along with DomainTools enrichment data in ThreatConnect.

The “DomainTools Iris – Host Enrichment” playbook begins with a User Action trigger on a Host Indicator. It requests the Domain Profile from DomainTools Iris and parses the results. It then adds an Attribute and Tags with the enrichment results from DomainTools.

These Playbook templates can be found in the ThreatConnect app catalog under the names: DomainTools Iris – Auto-Pivot Host > Address > Hosts and DomainTools Iris – Host Enrichment

Related Playbooks

Cisco Umbrella Reporting
Data Enrichment

With the Cisco Umbrella Reporting integration you are able to retrieve reports from Cisco Umbrella Reporting.

DomainTools Iris Search Hash Monitoring Playbook
Data Enrichment

This playbook not only provides DomainTools Iris enrichment, but can also be utilized to monitor specific Iris Search hashes...

Hyas Insight Enrichment Playbooks
Data Enrichment

With the HYAS Insight integration for ThreatConnect, SOC, CSIRT, and threat intel teams can connect specific attack instances...

Developers

  • Knowledge Base
  • Training Site

Company

  • ThreatConnect
  • Contact Us
  • Blog
  • Twitter
  • Facebook
  • Linkedin

© Copyright - ThreatConnect Marketplace
Scroll to top