DomainTools is a leading provider of Whois and other DNS profile data for threat intelligence enrichment. DomainTools data helps security analysts investigate malicious activity on their networks.
Download Integration Guide
NextGen SOAR Integration
With cyberattacks and the skills gap getting worse, SOCs can no longer afford to have analysts manually coordinate contextual data. Many analysts personally copy-and-paste domains and IPs hundreds of times per day in order to check their reputation. With D3’s DomainTools integration, you can automate that entire process to ensure that your analysts have the information they need for every incident.
Automatically enrich alerts with DomainTools intelligence
Use DomainTools risk scoring to inform prioritization in D3
Automatically block malicious IPs through D3’s playbooks
Benefit from flexible configuration options
Key Use Case
Automated Domain Lookups
Detailed domain data from DomainTools is often the key to identifying false positives or serious threats. But it’s much more than just a list of domains: it also provides a valuable Reputation Score that analysts can use to block domains, and any others that might be linked. D3 automatically populates the incident record with detailed domain and IP data, instantly giving analysts full context on source and destination. A bad reputation can prompt the automated blocking of a domain, with or without analyst approval. The analyst can also see a list of linked incidents and IOCs in D3.
When a potential phishing email is escalated to D3, either through an email protection system or manually by the recipient, D3 extracts the sender’s domain and the URL of any links in the message. D3 then uses DomainTools to look up the reputation of the domains. Based on the result, the D3 user can then trigger a response playbook to block the IP, blacklist the sender, notify the email recipient, and orchestrate any other appropriate actions. If the risk score is deemed low, the incident can be closed as a false positive.
Meet Our Friends
Our Connected SOAR Security Alliance brings hundreds of vendors together, allowing customers to benefit from our deep industry relationships and fully vendor-agnostic, independent SOAR platform.