Skip to content

DomainToolsIris#

README

Look up domain names, IP addresses, e-mail addresses, and SSL hashes using the popular DomainTools Iris service API.

The analyzer comes in 2 flavors:

  • DomainToolsIris_Investigate: Use DomainTools Iris API to investigate a domain.
  • DomainToolsIris_Pivot: Use DomainTools Iris API to pivot on ssl_hash, ip, or email.

Requirements#

You need a valid DomainTools API integration subscription to use the analyzer:

  • Provide your username as a value for the username parameter and API key as a value for the key parameter.
  • Set the pivot_count_threshold parameter to highlight any item below that value as being of interest in the report's template.

DomainToolsIris_Investigate#

Author: DomainTools
License: AGPL-V3
Version: 1.0
Supported observables types:
- domain
Registration required: True
Subscription required: True
Free subscription: False
Third party service: https://www.domaintools.com

Description#

Use DomainTools Iris API to investigate a domain.

Configuration#

username DomainTools Iris API credentials
Default value if not configured N/A
Type of the configuration item string
The configuration item can contain multiple values False
Is required True
key DomainTools Iris API credentials
Default value if not configured N/A
Type of the configuration item string
The configuration item can contain multiple values False
Is required True
pivot_count_threshold Pivot count threshold.
Default value if not configured 500
Type of the configuration item number
The configuration item can contain multiple values False
Is required False

Templates samples for TheHive#

DomainToolsIris_Investigate long report sample

DomainToolsIris_Investigate mini report sample

DomainToolsIris_Pivot#

Author: DomainTools
License: AGPL-V3
Version: 1.0
Supported observables types:
- hash
- ip
- mail
Registration required: True
Subscription required: True
Free subscription: False
Third party service: https://www.domaintools.com

Description#

Use DomainTools Iris API to pivot on ssl_hash, ip, or email.

Configuration#

username DomainTools Iris API credentials
Default value if not configured N/A
Type of the configuration item string
The configuration item can contain multiple values False
Is required True
key DomainTools Iris API credentials
Default value if not configured N/A
Type of the configuration item string
The configuration item can contain multiple values False
Is required True

Templates samples for TheHive#

DomainToolsIris_Pivot long report sample

DomainToolsIris_Pivot mini report sample