Google SecOps SOAR¶
Version 11.0
The DomainTools integration for Google SecOps SOAR (also referred to as Chronicle SOAR in the marketplace) embeds domain intelligence directly into your SOAR playbooks, enabling faster triage without switching tools.
Actions¶
| Action | Description |
|---|---|
| Iris Investigate Enrichment | Run a domain through DomainTools Iris Investigate from a playbook. Returns a comprehensive domain profile — connected infrastructure, related domains, and risk indicators. |
| Whois History | Surface historical WHOIS records to track ownership and registration changes over time. |
| Parsed RDAP Lookups | Pull structured RDAP registration data for any domain. Quickly answer "who registered this?" and "when?" |
| Connectivity Validation | Health check that validates your DomainTools API credentials and confirms the integration is configured correctly. |
Documentation¶
This integration is distributed and documented by Google. Full setup and configuration instructions are available in the Google SecOps marketplace documentation: