Threat Intelligence Archives - DomainTools | Start Here. Know Now.

Anomali

Kelsey LaBelle — Tue, 26 Jul 2022 18:15:42 +0000

DNS-Based Cyber Threat Detection and Response

The DomainTools® Iris™ App for Anomali delivers a subset of DomainTools Iris data, together with pivot capability and domain risk score, directly to the analyst inside the Anomali Security Operations Platform. This integration enables rapid in-context assessments of domain name observables and discovery of connected domains that share the same IP, hostname, or SSL certificate hash.

Enrichment Powered by the DomainTools Iris Investigate API

Context Enrichment for Domains
Domain name observables offer a “DomainTools Iris” tab in the set of context enrichment options that provides:
- Domain Risk Score with supporting evidence and component scores from machine learning classifiers & proximity-based risk algorithms.
- Domain profile attributes from the DomainTools Iris dataset, including identity, infrastructure, web crawl and SSL details.
- Guided Pivot counts for each attribute to identify dedicated infrastructure, novel identities, and potential research pathways.
- Outbound link to DomainTools Iris to perform deeper analysis, with the domain name context preserved in the link to streamline the investigation process.
Pivot Enrichment

The DomainTools Iris App for Anomali provides a pivot-based enrichment that operates on observables in the “Explore” feature of Anomali Threatstream. Supported data types offer a “DomainTools Iris” option in the right-click context menu and return a subset of the Iris data as nodes on the pivot chart. These nodes enable further pivots.
Context Enrichment for IPs, Emails, and SSL Certificate Hashes
IP addresses, emails and SSL certificate hashes offer a “DomainTools Iris” tab in the set of available context options that provides the list of connected domain names that share the same observable value, with insights into their risk scores and age.
- List of connected domain names sourced from the Iris Investigate API.
- Domain Risk Score distribution across the list of connected domains.
- Domain age distribution across the list of connected domains.
Identify, Prioritize, and Respond to Threats

Context-based enrichment for domain names, IP addresses, hostnames, and SSL certificate hashes.

Download Data Sheet

Support and Learning

Blog

DomainTools Iris App for Anomali

Learn More
Webinars

Anomali Threatstream Powered by the DomainTools Iris Investigate API

Learn More
Blog

7 Most Popular Blog Posts of Q2 2019

Learn More

Anomali Threatstream

Anomali helps organizations find and respond to cyber threats. That’s our mission. We bring to your security team the one thing that’s been missing – external context. With Anomali you can now identify suspicious or malicious traffic before it even reaches your network. We turn threat intelligence into your cyber no-fly list, and seamlessly integrate this with your internal security and IT systems.

Learn More

The post Anomali appeared first on DomainTools | Start Here. Know Now..

CrowdStrike

Kelsey LaBelle — Tue, 26 Jul 2022 18:46:03 +0000

Predictive Risk Assessments

The DomainTools Iris Threat Intelligence App within CrowdStrike Falcon automates contextualization of domain indicators to assist users in making instantaneous decisions on malicious domain indicators. Falcon users can further their investigations by launching DomainTools Iris Investigate™ directly from the Falcon card, without disrupting their current investigation.

Key Benefits

Support and Learning

About CrowdStrike

CrowdStrike is a global cybersecurity leader that has redefined modern security with the world’s most advanced cloud-native platform for protecting critical areas of enterprise risk – endpoints and cloud workloads, identity, and data.

Powered by the CrowdStrike Security Cloud, the CrowdStrike Falcon® platform leverages real-time indicators of attack, threat intelligence, evolving adversary tradecraft and enriched telemetry from across the enterprise to deliver hyper-accurate detections, automated protection and remediation, elite threat hunting and prioritized observability of vulnerabilities. Purpose-built in the cloud, the Falcon platform enables partners to rapidly build best-in-class integrations to deliver customer-focused solutions that provide scalable deployment, superior protection and performance, reduced complexity and immediate time-to-value.

The post CrowdStrike appeared first on DomainTools | Start Here. Know Now..

EclecticIQ

DomainTools — Tue, 26 Jul 2022 18:46:25 +0000

Eclectic IQ is a Threat Intelligence Platform (TIP) that empowers threat analysts to perform faster, better, and deeper investigations while disseminating intelligence at machine-speed.

Learn More About Eclectic IQ

The post EclecticIQ appeared first on DomainTools | Start Here. Know Now..

Maltego

Kelsey LaBelle — Tue, 26 Jul 2022 18:46:48 +0000

Streamlined Incident Response

Together, DomainTools® and Maltego have simplified cyber investigations to provide actionable insights and expedite the investigation process. Extending the rich DNS, Whois, and beyond Whois datasets, DomainTools integrates with Maltego to provide seamless workflows from the DomainTools Iris Investigate™ user interface directly to the Maltego graph.

Key Benefits

Empower Investigators and Analysts
- Map connected infrastructure, run correlations, look at attribution, highlight risky domains, etc. to surface meaningful insights
- Increase the chance of intersection with existing graph data from other sources to open up new investigative pathways
- Quickly identify which graph node to pivot on by consulting the Guided Pivot count present on nearly every entity these transforms act on
- Pivot and infer connection between one domain and another, assisting with mapping out a potential threat actor or group’s TTPs (tactics, techniques, and procedures) using guided pivots.
Domain Enrichment Transforms

These transforms operate on domain names and deliver Maltego entities or generic phrases that are ideally suited for follow-on enrichment with DomainTools transforms or those from other sources.
Investigate & Pivot Transforms

These transforms query the DomainTools Iris dataset and return domain names that share the same attributes as the value of the entity.

Support and Learning

Webinars

Accelerate Your Investigations with DomainTools and Maltego

Learn More
Webinars

Enrich Your Investigations With DomainTools Iris for Maltego

Learn More
Webinars

Put the “Go” In Maltego with DomainTools Iris Investigate

Learn More

About Maltego

Maltego is an interactive data mining tool that renders directed graphs for link analysis. The tool is used in online investigations for finding relationships between pieces of information from various sources located on the Internet.

Learn More

The post Maltego appeared first on DomainTools | Start Here. Know Now..

MISP

Kelsey LaBelle — Tue, 26 Jul 2022 18:47:06 +0000

Uncover Threat Actor Infrastructure

The DomainTools® MISP module helps Threat Intelligence teams and Security Analysts uncover actor infrastructure and profile threats by leveraging DomainTools APIs. Utilizing both the hover and expansion capabilities of MISP, analysts receive additional context on indicators. This allows them to map connected infrastructure and surface historical domain information to better assess risk.

Key Benefits

DomainTools Iris Modules for MISP
- Gain context on domain names in MISP events with registration, infrastructure and SSL attributes
- Imports newly discovered and/or newly changed domains from DomainTools Iris Detect
- See essential domain attributes, including Risk Score with component classifiers and potential pivots, directly in MISP popups on domain attributes
- Pinpoint dedicated hosting, SSL certificate re-use, boutique hosting and shared identities with Guided Pivot counts in attribute comments
- Quickly identity opportunities to map connected infrastructure with Guided Pivot tags in the MISP event attribute list
Visit GitHub Repository
Domain Risk Score

Optimized for MISP hover actions, the Analyze capability provides Whois data, a Domain Risk Score and counts of connected domains to help give quick context on an indicator to inform an interesting pivot and map connected infrastructure.
Domain Discovery

The Historic capability will act on Domains or URLs to find historical context by expanding domain names to lists of registrars, IPs and emails historically connected with that indicator.
Guided Pivots

Optimized for enrichment actions, the Pivot capability provides additional context on indicators by automatically building out a list of connected infrastructure from the counts presented in the Analyze capability.

Support and Learning

Blog

DomainTools Iris for MISP

Learn More
Webinars

How DomainTools & MISP Enable an Effective Threat Intelligence Program

Learn More
Breaking Badness

109. The Big REvil

Listen Now

About MISP

MISP is a free and open source threat intelligence platform for gathering, sharing, storing and correlating Indicators of Compromise of targeted attacks, threat intelligence, financial fraud information, vulnerability information or even counter-terrorism information.

Learn More

The post MISP appeared first on DomainTools | Start Here. Know Now..

Polarity

DomainTools — Tue, 26 Jul 2022 18:47:55 +0000

Polarity improves decision-making by allowing users to capture, recall, and share intelligence across any workflow. In addition to bolstering collective memory, the Polarity user community has built over 80 integrations. When users subscribe to integration data, they are able to leverage all their data as part of the overlay across tools and workflows.

Learn More About Polarity

The post Polarity appeared first on DomainTools | Start Here. Know Now..

Recorded Future

DomainTools — Tue, 26 Jul 2022 18:48:15 +0000

Domain names factor into almost every variant of cyberattacks, and yet analysts must frequently consult multiple disparate resources to build a complete risk assessment. The DomainTools Iris Investigate API delivers a comprehensive domain profile in the Recorded Future Domain Intel Card, enabling rapid alert triage and response. With immediate, in-context access to the unparalleled DomainTools Iris dataset, analysts will gain domain data in a carefully designed, expandable manner allowing information groups be easily navigated.

Learn More About RecordedFuture

The post Recorded Future appeared first on DomainTools | Start Here. Know Now..

ThreatQ

DomainTools — Tue, 26 Jul 2022 18:48:36 +0000

ThreatQuotient delivers an open and extensible threat intelligence platform (TIP) to provide defenders the context, customization and collaboration needed for increased security effectiveness and efficient threat operations and management.

With the combination of DomainTools and the ThreatQ threat intelligence platform, organizations can leverage DomainTools data in ThreatQ to correlate with additional datasets and then export it into an organization’s existing security systems or ticketing systems, automating proactive threat management and mitigation.

Learn More About ThreatQuotient

The post ThreatQ appeared first on DomainTools | Start Here. Know Now..

Threat Intelligence Archives - DomainTools | Start Here. Know Now.

Anomali

DNS-Based Cyber Threat Detection and Response

Enrichment Powered by the DomainTools Iris Investigate API

Context Enrichment for Domains

Pivot Enrichment

Context Enrichment for IPs, Emails, and SSL Certificate Hashes

Identify, Prioritize, and Respond to Threats

Support and Learning

Anomali Threatstream

CrowdStrike

EclecticIQ

Maltego

Streamlined Incident Response

Key Benefits

Empower Investigators and Analysts

Domain Enrichment Transforms

Investigate & Pivot Transforms

Support and Learning

About Maltego

MISP

Uncover Threat Actor Infrastructure

Key Benefits

DomainTools Iris Modules for MISP

Domain Risk Score

Domain Discovery

Guided Pivots

Support and Learning

About MISP

Polarity

Recorded Future

ThreatQ