Domaintools Integration

XGEN SOAR Integration

With cyberattacks and the skills gap getting worse, SOCs can no longer afford to have analysts manually coordinate contextual data. Many analysts personally copy-and-paste domains and IPs hundreds of times per day in order to check their reputation. With D3’s DomainTools integration, you can automate that entire process to ensure that your analysts have the information they need for every incident.

Download Integration Guide



Integration features

1
Automatically enrich alerts with DomainTools intelligence
2
Use DomainTools risk scoring to inform prioritization in D3
3
Automatically block malicious IPs through D3’s playbooks
4
Benefit from flexible configuration options

Key Use Case

#1

Automated Domain Lookups

Detailed domain data from DomainTools is often the key to identifying false positives or serious threats. But it’s much more than just a list of domains: it also provides a valuable Reputation Score that analysts can use to block domains, and any others that might be linked. D3 automatically populates the incident record with detailed domain and IP data, instantly giving analysts full context on source and destination. A bad reputation can prompt the automated blocking of a domain, with or without analyst approval. The analyst can also see a list of linked incidents and IOCs in D3.
#2

Phishing Analysis

When a potential phishing email is escalated to D3, either through an email protection system or manually by the recipient, D3 extracts the sender’s domain and the URL of any links in the message. D3 then uses DomainTools to look up the reputation of the domains. Based on the result, the D3 user can then trigger a response playbook to block the IP, blacklist the sender, notify the email recipient, and orchestrate any other appropriate actions. If the risk score is deemed low, the incident can be closed as a false positive.
X DomainTools Integration