The DomainTools Iris App for Anomali creates tremendous value for our joint customers and amplifies the complementary values of both solutions. Customers will now benefit from the aggregation and overlay of DomainTools data with other internal and external sources in Anomali for context to determine whether or not to take action.
DomainTools Iris App currently enables the following Enrichment capabilities out-of-the-box for Iris customers:
- Pivot Enrichment
- Context Enrichment for Domains
- Context Enrichment of IPs, Emails, and SSL Certificate Hashes
Pivot Enrichment facilitates ad-hoc analyst-driven enrichment from within the Anomali’s context menus with the ease of a right click. This capability introduces in-line enrichment of Domain observables along with the critical DomainTools data set. Customers can now leverage Anomali’s pivot chart capability to visualize DomainTools intel within the platform.
Context Enrichment for Domains adds a DomainTools Iris tab within Anomali. This helps customers enrich Domain Indicators in a centralized place in the Anomali platform. Customers are able to bring in a subset of the Iris data set, including Guided Pivots and Risk Score to enable further investigations. Finally, we’ve added the ability to launch the DomainTools Iris platform directly from Anomali to facilitate a deeper investigation of the domain observables.
Context Enrichment of IPs, Emails, and SSLs Hashes enables users to discover connected domains associated with the Indicators, which otherwise would have remained unknown in the customer environment. We achieve this by enriching connected domain names that share the same observable value, with insights into their risk scores and age. The DomainTools analytics associated can drive further investigations within Anomali.
To complement these enrichments, there are now multiple DomainTools Analytics visualization that customers can readily access from within Anomali. These visualizations conveniently surface some key Domain aggregation data such as Distribution of Risks, and Age of Domains for at-a-glance consumption.
"Our goal with the Anomali and DomainTools integration is to automate and simplify access to DomainTools threat intelligence data which can be leveraged to contextualize, prioritize and mitigate threats. The DomainTools Iris App is built with the Anomali SDK, allowing for streamlined investigations."
Sourin Paul, Senior Product Manager - Integrations
Learn more about the Anomali and DomainTools integration: firstname.lastname@example.org
Topics:Threat Intelligence Platform