Smart SOAR Integration

With cyberattacks and the skills gap getting worse, SOCs can no longer afford to have analysts manually coordinate contextual data. Many analysts personally copy-and-paste domains and IPs hundreds of times per day in order to check their reputation. With D3’s DomainTools integration, you can automate that entire process to ensure that your analysts have the information they need for every incident.

Integration features

Automatically enrich alerts with DomainTools intelligence
Use DomainTools risk scoring to inform prioritization in D3
Automatically block malicious IPs through D3’s playbooks
Benefit from flexible configuration options

Key Use Case


Automated Domain Lookups

Detailed domain data from DomainTools is often the key to identifying false positives or serious threats. But it’s much more than just a list of domains: it also provides a valuable Reputation Score that analysts can use to block domains, and any others that might be linked. D3 automatically populates the incident record with detailed domain and IP data, instantly giving analysts full context on source and destination. A bad reputation can prompt the automated blocking of a domain, with or without analyst approval. The analyst can also see a list of linked incidents and IOCs in D3.

Phishing Analysis

When a potential phishing email is escalated to D3, either through an email protection system or manually by the recipient, D3 extracts the sender’s domain and the URL of any links in the message. D3 then uses DomainTools to look up the reputation of the domains. Based on the result, the D3 user can then trigger a response playbook to block the IP, blacklist the sender, notify the email recipient, and orchestrate any other appropriate actions. If the risk score is deemed low, the incident can be closed as a false positive.

Meet Our Friends

Our Connected SOAR Security Alliance brings hundreds of vendors together, allowing customers to benefit from our deep industry relationships and fully vendor-agnostic, independent SOAR platform.

X DomainTools Integration

Get Started with D3 Security

One platform to stop alert overwhelm. Transform how your security team works, by focusing its resources on real threats.