Iris Threat Intelligence

Iris Threat Intelligence is one of two integrations that DomainTools provides for CrowdStrike.

Overview

Available in the CrowdStrike marketplace, DomainTools Iris provides predictive risk scores and DNS intelligence in the CrowdStrike Falcon platform.

To use the app you must have an account with DomainTools and access to Iris with an API key.

Installation and configuration

This integration exists in the CrowdStrike ecosystem under two names. On the publicly available CrowdStrike marketplace it is available with the name DomainTools Iris. On the CrowdStrike Store, available in the hamburger menu of your CrowdStrike environment, it has the name Iris Threat Intelligence. Both install the same app and use the same configuration steps.

Using the CrowdStrike Store:

• Select CrowdStrike Store from the hamburger menu
• Search "DomainTools"
• Select Iris Threat Intelligence
• Select Try it free
• Input your API username and key.
  • Visit your DomainTools API Dashboard for your username and key. See Authentication for details.
• Select Agree & Request Trial
• Wait for access to begin using the app

Usage

This integration provides DomainTools Iris information directly in CrowdStrike Falcon's platform. Available in a dropdown, Iris provides a domain threat profile, predictive risk scoring, and DNS intelligence. While you'll primarily use it when assessing Indicators of Compromise (IOCs), you can access Iris anywhere you see a domain.

If you have questions on the output, see the Iris Investigate User Guide.

See also

• Iris API Error Codes
• DomainTools Iris SOAR Actions