June 19, 2019
Joe Franscella

Anomali Adds DomainTools Iris to APP Store

<p>The DomainTools Iris App for Anomali creates tremendous value for our joint customers and amplifies the complementary values of both solutions. Customers will now benefit from the aggregation and overlay of DomainTools data with other internal and external sources in Anomali for context to determine whether or not to take action.</p><p>DomainTools Iris App currently enables the following Enrichment capabilities out-of-the-box for Iris customers:</p><ul><li>Pivot Enrichment</li><li>Context Enrichment for Domains</li><li>Context Enrichment of IPs, Emails, and SSL Certificate Hashes</li></ul><p><em><strong>Pivot Enrichment</strong></em> facilitates ad-hoc, analyst-driven enrichment from within Anomali’s context menus with the ease of a right click. This capability introduces in-line enrichment of Domain observables along with the critical DomainTools data set. Customers can now leverage Anomali’s pivot chart capability to visualize DomainTools intel within the platform.</p><p style="text-align: center;"><br /> <img alt="Pivot Enrichment" src="https://wwwlegacy.anomali.com/images/uploads/blog/Pivot-Enrichment.png" /></p><p><em><strong>Context Enrichment for Domains</strong></em> adds a DomainTools Iris tab within Anomali. This helps customers enrich Domain Indicators in a centralized place in the Anomali platform. Customers are able to bring in a subset of the Iris data set, including Guided Pivots and Risk Score, to enable further investigations. 
Finally, we’ve added the ability to launch the DomainTools Iris platform directly from Anomali to facilitate a deeper investigation of the domain observables.</p><p style="text-align: center;"><img alt="Context Enrichment for Domains" src="https://wwwlegacy.anomali.com/images/uploads/blog/Context-Enrichment-for-Domains.png" /></p><p><em><strong>Context Enrichment of IPs, Emails, and SSL Certificate Hashes</strong></em> enables users to discover connected domains associated with the Indicators, which otherwise would have remained unknown in the customer environment. We achieve this by enriching connected domain names that share the same observable value, with insights into their risk scores and age. The associated DomainTools analytics can drive further investigations within Anomali.</p><p style="text-align: center;"><img alt="Context Enrichment of IPs, Emails, and SSLs Hashes" src="https://wwwlegacy.anomali.com/images/uploads/blog/Context-Enrichment-of-IPs-Emails-and-SSLs-Hashes.png" /></p><p>To complement these enrichments, there are now multiple <em><strong>DomainTools Analytics visualizations</strong></em> that customers can readily access from within Anomali. These visualizations conveniently surface some key Domain aggregation data, such as Distribution of Risks and Age of Domains, for at-a-glance consumption.</p><p style="text-align: center;"><img alt="DomainTools Analytics visualization" src="https://wwwlegacy.anomali.com/images/uploads/blog/DomainTools-Analytics-visualization.png" /></p><blockquote><p>"Our goal with the Anomali and DomainTools integration is to automate and simplify access to DomainTools threat intelligence data which can be leveraged to contextualize, prioritize and mitigate threats. 
The DomainTools Iris App is built with the Anomali SDK, allowing for streamlined investigations."</p><p>Sourin Paul, Senior Product Manager - Integrations</p></blockquote><p>Learn more about the Anomali and DomainTools integration: <a href="mailto:info@anomali.com">info@anomali.com</a></p>
