DomainTools Iris SOAR Actions workflows

DomainTools Iris SOAR Actions provides actions for use in Fusion SOAR workflows. These actions help you speed up your triage process by gathering the information you want when events occur.

For an introduction to workflow automation, see CrowdStrike's Introduction to Workflow Automation.

Workflow actions

DomainTools Iris actions

Once installed, this app will provide six actions in Fusion SOAR > Content Library:

  • DomainTools Iris - Get Account Info
  • DomainTools Iris - Get Hosting History
  • DomainTools Iris - Get Iris Riskscore
  • DomainTools Iris - Get Parsed Whois Record
  • DomainTools Iris - Get Whois History
  • DomainTools Iris - Iris Investigate Lookup

There is also one playbook available:

  • DomainTools Iris – Investigate Domain

Additional GET actions

This integration also contains more actions that will be visible in the workflow creator. These provide functionality to the DomainTools-labeled actions, and their names follow the naming conventions of the API they interact with.

Included actions are as follows:

  • get_domainhotlist_feeds
  • get_domainrdap_feeds
  • get_domainrisk_feeds
  • get_dt_hosting_history
  • get_dt_whois_history
  • get_iris_riskscore_result
  • get_nad_feeds
  • get_nod_feeds

Avoid these actions and use the DomainTools-labeled actions, which are also available in the creator, instead.

Playbook description

This integration includes a pre-created playbook. It retrieves WHOIS records, hosting history, SSL details, risk score, and related domains to help you evaluate domain reputation and uncover potential associations during phishing or threat-hunting investigations.

Action descriptions

These actions bring DomainTools API functionality to automated workflows and trigger automatically when certain CrowdStrike events occur. You'll typically create playbooks and review results after an event. None of the actions is required; pick and choose depending on the purpose of your workflow.

DomainTools Iris - Get Account Info

The Account Information API provides a quick and easy way to get a snapshot of API product usage for an account. Usage is broken down by day and by month. For more information, see Iris API Account Information.

DomainTools Iris - Get Hosting History

The Hosting History API provides a list of changes that have occurred in a domain name's registrar, IP address, and name servers. For more information, see Hosting History API.

DomainTools Iris - Get Iris Riskscore

Using the Iris Investigate API, this action extracts information related to risk scoring of the chosen domain. For more information, see Iris Investigate API.

DomainTools Iris - Get Parsed Whois Record

The Parsed WHOIS API provides parsed information extracted from the raw WHOIS record. For more information, see Parsed WHOIS API.

DomainTools Iris - Get Whois History

The WHOIS History API provides the most recent historical records for a domain sorted by the record date field. For more information, see WHOIS History API.

DomainTools Iris - Iris Investigate Lookup

The Iris Investigate API enables deep domain analysis and infrastructure mapping at human scale. For more information, see Iris Investigate API.

See also