Anomali: DomainTools Integrations
DomainTools provides integrations for the Anomali ThreatStream platform to deliver domain intelligence, risk scoring, and domain monitoring capabilities directly within your threat intelligence workflows.
Available integrations
Iris App
The DomainTools Iris App delivers domain enrichment, risk scoring, and pivot analysis directly inside Anomali ThreatStream. Powered by the Iris Investigate API, the app provides context enrichment for domains, IPs, emails, and SSL certificates, along with DNSDB passive DNS data and guided pivot capabilities for infrastructure analysis.
Key features:
- Domain Risk Score with component scores and supporting evidence
- Domain profile attributes including identity, infrastructure, web crawl, SSL, and RDAP data
- Guided Pivot counts for infrastructure analysis
- DNSDB passive DNS enrichment for domain observables
- Graph-based pivot enrichment for connected infrastructure discovery
- Outbound links to the DomainTools Iris Investigation Platform
Best for: Security analysts who need in-context domain investigation and enrichment within ThreatStream observables.
Get started with the Iris App →
Iris Detect feed
Iris Detect is available as a Premium Feed in the ThreatStream App Store. It monitors internet infrastructure using the DomainTools discovery engine to detect and risk-score new domains within minutes of registration, delivering domain threat intelligence directly into ThreatStream.
Key features:
- Automated new domain discovery and risk scoring
- Premium Feed integration with ThreatStream indicators
- Severity mapping based on DomainTools Risk Score
- Monitor-specific filtering by Monitor ID
- Tag enrichment with threat profile, monitor term, and domain status
Best for: Brand protection, fraud prevention, and security teams that need to monitor and respond to newly registered domains.
Get started with Iris Detect →
Need help?
For questions about DomainTools integrations with Anomali, contact DomainTools Enterprise Support.