DomainTools Iris SOAR Actions¶
Overview¶
Available only in the CrowdStrike Store, DomainTools Iris SOAR Actions provides DomainTools API functionality to CrowdStrike Falcon's Fusion SOAR. This lets you gather data on WHOIS records, hosting and registry history, domain risk scores, and Iris Investigate results through workflow actions.
- WHOIS and Hosting History: Retrieve parsed WHOIS data and hosting records to uncover registration patterns and infrastructure reuse.
- Domain Risk Scoring: Analyze domain risk using Iris scoring to prioritize suspicious indicators in investigations.
- Investigation Enrichment: Use DNS, registrar, and attribution metadata to contextualize alerts and accelerate response workflows.
To use the app you must have an account with DomainTools and access to Iris and Lookups and Monitors with an API key.
Installation and configuration¶
- Select CrowdStrike Store from the hamburger menu
- Search "DomainTools"
- Select DomainTools Iris SOAR Actions
- Select Try it free
- Input your API username and key.
- Visit your DomainTools API Dashboard for your username and key. See Authentication for details.
- Select Agree & Request Trial
- Wait for access to begin using the app
Next steps¶
- DomainTools Iris SOAR Actions workflows — descriptions and usage for each available action and playbook
- Authentication — manage your API credentials
- Lookups and Monitors API — reference for the APIs powering these actions