Skip to content

API Playbooks

Automate your threat intelligence workflows with DomainTools playbooks, scripts, and workflow examples. These resources help you integrate DomainTools intelligence into your security orchestration and automation platforms.

SOAR Playbooks

Pre-built automation playbooks for security orchestration, automation, and response (SOAR) platforms. These playbooks automate incident response activities using DomainTools intelligence.

Available Platforms:

  • Cortex XSOAR (Palo Alto)
  • Splunk SOAR (formerly Phantom)

Each platform has dedicated playbooks with installation instructions and usage guides.

View SOAR Playbooks Repository →

Workflow Examples

Example scripts and workflows demonstrating how to automate common threat intelligence tasks. These standalone examples show integration patterns and best practices.

Available Examples:

  • Getting Started - Introduction to DomainTools automation
  • Iris Enrich Bulk - Bulk domain enrichment workflows
  • Iris Investigate Bulk - Bulk investigation automation
  • Typosquatting DNSDB - Detect typosquatting domains using DNSDB
  • Bulk Whois - Automated bulk Whois lookups

Community Examples

These workflow examples are provided as community resources and are not officially supported by DomainTools. Use at your own discretion.

View Workflow Examples Repository →

Getting Started

  1. Choose your platform - Select SOAR playbooks for your platform or standalone workflow examples
  2. Review the README - Each playbook/example has detailed instructions in its directory
  3. Configure credentials - Set up your DomainTools API credentials
  4. Import and test - Import the playbook/script and test with sample data

Use Cases

Common automation scenarios these playbooks support:

  • Incident Response - Automatically investigate suspicious domains during security incidents
  • Threat Hunting - Proactively search for infrastructure patterns across your environment
  • Domain Monitoring - Track changes to domains of interest
  • Bulk Analysis - Process large lists of domains for threat assessment
  • Alert Enrichment - Enhance security alerts with domain intelligence

Support

For questions about these playbooks and examples:

  • SOAR Playbooks: Contact the DomainTools Integrations team
  • Workflow Examples: Community-supported via GitHub issues
  • API Questions: See API Documentation or contact support