DomainTools Iris Search Hash Monitoring Playbook

This playbook not only provides DomainTools Iris enrichment, but can also be utilized to monitor specific Iris Search hashes to provide continuous updates. This playbook coupled ThreatConnect’s versatile dashboards provides analysts with the most up to date information automatically.

This playbook takes an Iris search hash signature object and extracts all domains from that query. Then each domains is enriched with DomainTools meta data and created as host indicators inside the TC platform. A threat rating and confidence level is also set on the Host Indicator depending on the DomainTools Overall Risk score.