Elastic Integrations
DomainTools offers two integration options for Elastic:
DomainTools App
A full-featured application that provides direct access to DomainTools threat intelligence within Elastic. The app includes dashboards, real-time enrichment, and domain profiling capabilities.
Key features:
- Threat intelligence dashboards for situational awareness
- Real-time enrichment of domain intelligence in Elastic indexes
- Ad-hoc domain investigations from within the Kibana UI
- Flagging of domains tagged in DomainTools Iris
- Allowlist management for trusted domains
Best for: Organizations using Elastic SIEM who need comprehensive threat intelligence capabilities with visualization and enrichment.
Real-time Threat Feeds
A native Elastic integration that ingests DomainTools threat feeds directly into your Elastic stack. This integration uses Elastic's built-in integration framework.
Key features:
- Newly Observed Domains (NOD) feed ingestion
- Native Elastic integration (no extra services required)
- Standard Elastic data stream format
- Compatible with Elastic visualizations and alerts
Best for: Organizations that need threat feed data from DomainTools in Elastic without extra infrastructure.
Compare integrations
| Feature | DomainTools App | Threat Feeds |
|---|---|---|
| Installation complexity | Docker containers + Kibana plugin | Native Elastic integration |
| Infrastructure required | Backend service, Logstash configuration | Elastic stack only |
| Threat intelligence dashboards | ✓ Included | Build your own |
| Real-time enrichment | ✓ Included | Manual configuration |
| Domain profiling UI | ✓ Included | Not included |
| Data feeds | Via enrichment | Direct ingestion |
| Allowlist management | ✓ Included | Manual configuration |
| API requirements | Iris Investigate + Iris Enrich | Feed access |