Microsoft Sentinel: DomainTools Apps
Overview
Microsoft Sentinel is Microsoft's Security Information and Event Management (SIEM) product. It includes integrated playbooks to help you develop your Security Orchestration, Automation and Response (SOAR) applications.
DomainTools offers three Logic Apps for Microsoft Sentinel that are designed to work independently or together to provide comprehensive domain intelligence and threat detection capabilities.
Available Integrations
| Integration | Purpose | Key Features | Rate Limit |
|---|---|---|---|
| Iris Investigate | Deep investigation of indicators | Whois, DNS, SSL, related infrastructure, guided pivots | 20 requests/min |
| Iris Enrich | High-volume enrichment | Fast domain enrichment with risk context | 60 requests/min |
| Farsight DNSDB | Passive DNS lookups | Historical DNS infrastructure data | Per quota |
Common Prerequisites
All DomainTools integrations for Microsoft Sentinel require:
- A Microsoft Power Apps or Power Automate plan with the custom connector feature
- An Azure subscription
- Active DomainTools API credentials (specific to each product)
Getting Started
- Choose your integration: Review the table above to determine which integration(s) meet your needs
- Verify prerequisites: Ensure you have the required Azure subscriptions and API credentials
- Follow the installation guide: Each integration has detailed installation instructions
- Configure playbooks: Install and configure reference playbooks for automated enrichment
- Set permissions: Grant Logic Apps the necessary permissions to interact with Sentinel
Installation Overview
All integrations follow a similar installation pattern:
- Install from Azure Marketplace or Sentinel Content Hub
- Configure API connections with your DomainTools credentials
- Install reference playbooks
- Grant Microsoft Sentinel Responder permissions to Logic Apps
- Configure automation rules to trigger playbooks
For detailed installation instructions, see the individual integration guides.
Need Help?
- Troubleshooting: See the Troubleshooting guide for common issues
- Support: Contact enterprisesupport@domaintools.com
- Documentation: Visit the DomainTools API documentation