Actions Reference¶
This page documents all supported actions for the DomainTools App for Splunk SOAR.
Supported Actions¶
The following actions are supported:
- Test Connectivity - Validate the asset configuration for connectivity
- Domain Reputation - Evaluate the risk of a given domain
- Pivot Action - Find domains connected by any supported Iris Investigate search parameter
- Reverse Domain - Extract IPs from a single domain response for further pivoting
- Reverse IP - Find domains with web hosting IP, NS IP or MX IP
- Load Hash - Load or monitor Iris Investigate search results by Iris Investigate export hash
- Reverse Email - Find domains with email in Whois, DNS SOA or SSL certificate
- Domain Risk Feed - Ingest real-time feed of high-risk domains (risk score 70+)
- Domain Hotlist Feed - Ingest real-time feed of active high-risk domains (24-hour activity)
- Lookup Domain - Get all Iris Investigate data for a domain using the Iris Investigate API endpoint (required)
- Enrich Domain - Get all Iris Investigate data for a domain except counts using the high volume Iris Enrich API endpoint (if provisioned)
- Configure Scheduled Playbooks - Run on initial setup to configure the optional monitoring playbooks
- On Poll - Execute scheduled playbooks based on the set interval in domaintools_scheduled_playbooks custom list
Test Connectivity¶
Validate the asset configuration for connectivity.
Type: test Read only: True
Action Parameters¶
This action requires no parameters.
Action Output¶
No Output
Domain Reputation¶
Evaluate the risk of a given domain.
Type: Investigate Read only: True
Action Parameters¶
| Parameter | Required | Description | Type | Contains |
|---|---|---|---|---|
| domain | required | Domain or comma-separated list of domains to query | string | url domain |
Action Output¶
| Data Path | Type | Contains | Example Values |
|---|---|---|---|
| action_result.parameter.domain | string | url domain | |
| action_result.data | string | ||
| action_result.status | string | success failed | |
| action_result.message | string | ||
| action_result.summary.domain_risk | numeric | ||
| action_result.summary.zerolisted | boolean | True False | |
| action_result.summary.proximity | numeric | ||
| action_result.summary.threat_profile | numeric | ||
| action_result.summary.threat_profile_malware | numeric | ||
| action_result.summary.threat_profile_phishing | numeric | ||
| action_result.summary.threat_profile_spam | numeric | ||
| summary.total_objects | numeric | 1 | |
| summary.total_objects_successful | numeric | 1 |
Pivot Action¶
Find domains connected by any supported Iris Investigate search parameter.
Type: Investigate Read only: True
Action Parameters¶
| Parameter | Required | Description | Type | Contains |
|---|---|---|---|---|
| query_value | required | Value to query | string | url domain ip email |
| pivot_type | required | Field to pivot on | string | |
| status | optional | Return domains of this registration type | string | |
| data_updated_after | optional | Iris Investigate records that were updated on or after midnight on this date, in YYYY-MM-DD format or relative options ( 'today', 'yesterday' ) | string | |
| tld | optional | Limit results to only include domains in a specific top-level domain (i.e. "tld=com" or "tld=ru") | string | |
| create_date | optional | Only include domains created on a specific date, in YYYY-MM-DD format or relative options ( 'today', 'yesterday' ) | string | |
| create_date_within | optional | Only include domains with a whois create date within the specified number of days (e.g. specifying '1' would indicate within the past day) | string | |
| first_seen_within | optional | Only include domains with a current lifecycle first observed within the specified number of seconds (e.g. specifying '86400' would indicate within the past day) | string | |
| first_seen_since | optional | Only include domains with a current lifecycle first observed since a specified datetime. (Example: 2023-04-10T00:00:00+00:00) | string | |
| expiration_date | optional | Only include domains expiring on a specific date, in YYYY-MM-DD format or relative options ( 'today', 'yesterday' ) | string |
Action Output¶
| Data Path | Type | Contains | Example Values |
|---|---|---|---|
| action_result.parameter.create_date | string | ||
| action_result.parameter.create_date_within | string | ||
| action_result.parameter.data_updated_after | string | ||
| action_result.parameter.first_seen_within | string | ||
| action_result.parameter.first_seen_since | string | ||
| action_result.parameter.expiration_date | string | ||
| action_result.data.*.first_seen.count | numeric | ||
| action_result.data.*.first_seen.value | string | ||
| action_result.data.*.server_type.count | numeric | ||
| action_result.data.*.server_type.value | string | ||
| action_result.data.*.website_title.count | numeric | ||
| action_result.data.*.website_title.value | string | ||
| action_result.parameter.pivot_type | string | ||
| action_result.parameter.query_value | string | url domain ip email | |
| action_result.parameter.status | string | ||
| action_result.parameter.tld | string | ||
| action_result.data.*.domain | string | domain | |
| action_result.data.*.domain_risk.risk_score | numeric | ||
| action_result.data.*.domain_risk.risk_score_string | string | ||
| action_result.status | string | success failed | |
| action_result.message | string | ||
| action_result.summary | string | ||
| summary.total_objects | numeric | 1 | |
| summary.total_objects_successful | numeric | 1 |
Reverse Domain¶
Extract IPs from a single domain response for further pivoting.
Type: Investigate Read only: True
Action Parameters¶
| Parameter | Required | Description | Type | Contains |
|---|---|---|---|---|
| domain | required | Domain or comma-separated list of domains to query | string | url domain |
Action Output¶
| Data Path | Type | Contains | Example Values |
|---|---|---|---|
| action_result.parameter.domain | string | url domain | |
| action_result.data | string | ||
| action_result.data.*.first_seen.count | numeric | ||
| action_result.data.*.first_seen.value | string | ||
| action_result.data.*.server_type.count | numeric | ||
| action_result.data.*.server_type.value | string | ||
| action_result.data.*.website_title.count | numeric | ||
| action_result.data.*.website_title.value | string | ||
| action_result.status | string | success failed | |
| action_result.message | string | ||
| action_result.summary.ip_list.*.count | numeric | ||
| action_result.summary.ip_list.*.count_string | string | ||
| action_result.summary.ip_list.*.ip | string | ip | |
| action_result.summary.ip_list.*.type | string | ||
| summary.total_objects | numeric | 1 | |
| summary.total_objects_successful | numeric | 1 |
Reverse IP¶
Find domains with web hosting IP, NS IP or MX IP.
Type: Investigate Read only: True
Action Parameters¶
| Parameter | Required | Description | Type | Contains |
|---|---|---|---|---|
| ip | required | IP address to query | string | ip |
| status | optional | Return domains of this registration type | string | |
| data_updated_after | optional | Iris Investigate records that were updated on or after midnight on this date, in YYYY-MM-DD format or relative options ( 'today', 'yesterday' ) | string | |
| tld | optional | Limit results to only include domains in a specific top-level domain (i.e. "tld=com" or "tld=ru") | string | |
| create_date | optional | Only include domains created on a specific date, in YYYY-MM-DD format or relative options ( 'today', 'yesterday' ) | string | |
| create_date_within | optional | Only include domains with a whois create date within the specified number of days (e.g. specifying '1' would indicate within the past day) | string | |
| first_seen_within | optional | Only include domains with a current lifecycle first observed within the specified number of seconds (e.g. specifying '86400' would indicate within the past day) | string | |
| first_seen_since | optional | Only include domains with a current lifecycle first observed since a specified datetime. (Example: 2023-04-10T00:00:00+00:00) | string | |
| expiration_date | optional | Only include domains expiring on a specific date, in YYYY-MM-DD format or relative options ( 'today', 'yesterday' ) | string |
Action Output¶
| Data Path | Type | Contains | Example Values |
|---|---|---|---|
| action_result.parameter.create_date | string | ||
| action_result.parameter.create_date_within | string | ||
| action_result.parameter.data_updated_after | string | ||
| action_result.parameter.expiration_date | string | ||
| action_result.parameter.first_seen_within | string | ||
| action_result.parameter.first_seen_since | string | ||
| action_result.parameter.ip | string | ip | |
| action_result.parameter.status | string | ||
| action_result.parameter.tld | string | ||
| action_result.data.*.domain | string | domain | |
| action_result.data.*.domain_risk.risk_score | numeric | ||
| action_result.data.*.domain_risk.risk_score_string | string | ||
| action_result.status | string | success failed | |
| action_result.message | string | ||
| action_result.summary | string | ||
| summary.total_objects | numeric | 1 | |
| summary.total_objects_successful | numeric | 1 |
Load Hash¶
Load or monitor Iris Investigate search results by Iris Investigate export hash.
Type: Investigate Read only: True
Action Parameters¶
| Parameter | Required | Description | Type | Contains |
|---|---|---|---|---|
| search_hash | required | Paste the "Current Search Export" string (Advanced -> Import/Export Search) from Iris Investigate in this field to import up to 5000 domains | string |
Action Output¶
| Data Path | Type | Contains | Example Values |
|---|---|---|---|
| action_result.parameter.search_hash | string | ||
| action_result.data.*.domain | string | domain | |
| action_result.data.*.domain_risk.risk_score | numeric | ||
| action_result.data.*.domain_risk.risk_score_string | string | ||
| action_result.status | string | success failed | |
| action_result.message | string | ||
| action_result.summary | string | ||
| summary.total_objects | numeric | 1 | |
| summary.total_objects_successful | numeric | 1 |
Reverse Email¶
Find domains with email in Whois, DNS SOA or SSL certificate.
Type: Investigate Read only: True
Action Parameters¶
| Parameter | Required | Description | Type | Contains |
|---|---|---|---|---|
| required | Email query | string | ||
| status | optional | Return domains of this registration type | string | |
| data_updated_after | optional | Iris Investigate records that were updated on or after midnight on this date, in YYYY-MM-DD format or relative options ( 'today', 'yesterday' ) | string | |
| tld | optional | Limit results to only include domains in a specific top-level domain (i.e. "tld=com" or "tld=ru") | string | |
| create_date | optional | Only include domains created on a specific date, in YYYY-MM-DD format or relative options ( 'today', 'yesterday' ) | string | |
| create_date_within | optional | Only include domains with a whois create date within the specified number of days (e.g. specifying '1' would indicate within the past day) | string | |
| first_seen_within | optional | Only include domains with a current lifecycle first observed within the specified number of seconds (e.g. specifying '86400' would indicate within the past day) | string | |
| first_seen_since | optional | Only include domains with a current lifecycle first observed since a specified datetime. (Example: 2023-04-10T00:00:00+00:00) | string | |
| expiration_date | optional | Only include domains expiring on a specific date, in YYYY-MM-DD format or relative options ( 'today', 'yesterday' ) | string |
Action Output¶
| Data Path | Type | Contains | Example Values |
|---|---|---|---|
| action_result.parameter.create_date | string | ||
| action_result.parameter.create_date_within | string | ||
| action_result.parameter.data_updated_after | string | ||
| action_result.parameter.email | string | ||
| action_result.parameter.expiration_date | string | ||
| action_result.parameter.first_seen_within | string | ||
| action_result.parameter.first_seen_since | string | ||
| action_result.parameter.status | string | ||
| action_result.parameter.tld | string | ||
| action_result.data.*.domain | string | domain | |
| action_result.data.*.domain_risk.risk_score | numeric | ||
| action_result.data.*.domain_risk.risk_score_string | string | ||
| action_result.data.*.first_seen.count | numeric | ||
| action_result.data.*.first_seen.value | string | ||
| action_result.data.*.server_type.count | numeric | ||
| action_result.data.*.server_type.value | string | ||
| action_result.data.*.website_title.count | numeric | ||
| action_result.data.*.website_title.value | string | ||
| action_result.status | string | success failed | |
| action_result.message | string | ||
| action_result.summary | string | ||
| summary.total_objects | numeric | 1 | |
| summary.total_objects_successful | numeric | 1 |
Domain Risk Feed¶
Ingest real-time feed of high-risk domains with combined Domain Risk Scores of 70 or higher.
Type: ingest Read only: True
This action connects to the DomainTools Real-Time Domain Risk Feed API to continuously ingest domains that have been scored as high-risk (combined score of 70+), regardless of their recent activity. Use this action to maintain comprehensive visibility into potentially dangerous infrastructure for proactive threat detection.
Action Parameters¶
| Parameter | Required | Description | Type | Contains |
|---|---|---|---|---|
| sessionID | optional | Session identifier for tracking feed position across multiple requests | string | |
| limit | optional | Maximum number of entries to retrieve per request | numeric | |
| overall_min | optional | Minimum overall risk score (0-100) | numeric | |
| phishing_min | optional | Minimum phishing risk score (0-100) | numeric | |
| malware_min | optional | Minimum malware risk score (0-100) | numeric | |
| spam_min | optional | Minimum spam risk score (0-100) | numeric | |
| proximity_min | optional | Minimum proximity risk score (0-100) | numeric |
Action Output¶
| Data Path | Type | Contains | Example Values |
|---|---|---|---|
| action_result.parameter.sessionID | string | ||
| action_result.parameter.limit | numeric | ||
| action_result.parameter.overall_min | numeric | ||
| action_result.parameter.phishing_min | numeric | ||
| action_result.parameter.malware_min | numeric | ||
| action_result.parameter.spam_min | numeric | ||
| action_result.parameter.proximity_min | numeric | ||
| action_result.data.*.timestamp | string | ||
| action_result.data.*.domain | string | domain | |
| action_result.data.*.phishing_risk | numeric | ||
| action_result.data.*.malware_risk | numeric | ||
| action_result.data.*.spam_risk | numeric | ||
| action_result.data.*.proximity_risk | numeric | ||
| action_result.data.*.overall_risk | numeric | ||
| action_result.status | string | success failed | |
| action_result.message | string | ||
| action_result.summary | string | ||
| summary.total_objects | numeric | 1 | |
| summary.total_objects_successful | numeric | 1 |
Domain Hotlist Feed¶
Ingest real-time feed of high-risk domains that have shown activity within the last 24 hours.
Type: ingest Read only: True
This action connects to the DomainTools Real-Time Domain Hotlist Feed API to continuously ingest currently active, high-risk domains. Each entry includes a 24-hour expiration time, making this ideal for building high-confidence block lists and identifying domains that pose immediate threats.
Action Parameters¶
| Parameter | Required | Description | Type | Contains |
|---|---|---|---|---|
| sessionID | optional | Session identifier for tracking feed position across multiple requests | string | |
| limit | optional | Maximum number of entries to retrieve per request | numeric | |
| overall_min | optional | Minimum overall risk score (0-100) | numeric | |
| phishing_min | optional | Minimum phishing risk score (0-100) | numeric | |
| malware_min | optional | Minimum malware risk score (0-100) | numeric | |
| spam_min | optional | Minimum spam risk score (0-100) | numeric | |
| proximity_min | optional | Minimum proximity risk score (0-100) | numeric |
Action Output¶
| Data Path | Type | Contains | Example Values |
|---|---|---|---|
| action_result.parameter.sessionID | string | ||
| action_result.parameter.limit | numeric | ||
| action_result.parameter.overall_min | numeric | ||
| action_result.parameter.phishing_min | numeric | ||
| action_result.parameter.malware_min | numeric | ||
| action_result.parameter.spam_min | numeric | ||
| action_result.parameter.proximity_min | numeric | ||
| action_result.data.*.timestamp | string | ||
| action_result.data.*.domain | string | domain | |
| action_result.data.*.phishing_risk | numeric | ||
| action_result.data.*.malware_risk | numeric | ||
| action_result.data.*.spam_risk | numeric | ||
| action_result.data.*.proximity_risk | numeric | ||
| action_result.data.*.overall_risk | numeric | ||
| action_result.data.*.expires | string | ||
| action_result.status | string | success failed | |
| action_result.message | string | ||
| action_result.summary | string | ||
| summary.total_objects | numeric | 1 | |
| summary.total_objects_successful | numeric | 1 |
Lookup Domain¶
Get all Iris Investigate data for a domain using the Iris Investigate API endpoint (required).
Type: Investigate Read only: True
Action Parameters¶
| Parameter | Required | Description | Type | Contains |
|---|---|---|---|---|
| domain | required | Domain or comma-separated list of domains to query using the Iris Investigate API | string | url domain |
Action Output¶
| Data Path | Type | Contains | Example Values |
|---|---|---|---|
| action_result.status | string | failed success | |
| action_result.parameter.domain | string | url domain | |
| action_result.data..additional_whois_email..count | numeric | ||
| action_result.data..additional_whois_email..value | string | ||
| action_result.data.*.admin_contact.city.count | numeric | ||
| action_result.data.*.admin_contact.city.value | string | ||
| action_result.data.*.admin_contact.country.count | numeric | ||
| action_result.data.*.admin_contact.country.value | string | ||
| action_result.data.*.admin_contact.fax.count | numeric | ||
| action_result.data.*.admin_contact.fax.value | string | ||
| action_result.data.*.admin_contact.name.count | numeric | ||
| action_result.data.*.admin_contact.name.value | string | ||
| action_result.data.*.admin_contact.org.count | numeric | ||
| action_result.data.*.admin_contact.org.value | string | ||
| action_result.data.*.admin_contact.phone.count | numeric | ||
| action_result.data.*.admin_contact.phone.value | string | ||
| action_result.data.*.admin_contact.postal.count | numeric | ||
| action_result.data.*.admin_contact.postal.value | string | ||
| action_result.data.*.admin_contact.state.count | numeric | ||
| action_result.data.*.admin_contact.state.value | string | ||
| action_result.data.*.admin_contact.street.count | numeric | ||
| action_result.data.*.admin_contact.street.value | string | ||
| action_result.data.*.adsense.count | numeric | ||
| action_result.data.*.adsense.value | string | ||
| action_result.data.*.alexa | numeric | ||
| action_result.data.*.billing_contact.city.count | numeric | ||
| action_result.data.*.billing_contact.city.value | string | ||
| action_result.data.*.billing_contact.country.count | numeric | ||
| action_result.data.*.billing_contact.country.value | string | ||
| action_result.data.*.billing_contact.fax.count | numeric | ||
| action_result.data.*.billing_contact.fax.value | string | ||
| action_result.data.*.billing_contact.name.count | numeric | ||
| action_result.data.*.billing_contact.name.value | string | ||
| action_result.data.*.billing_contact.org.count | numeric | ||
| action_result.data.*.billing_contact.org.value | string | ||
| action_result.data.*.billing_contact.phone.count | numeric | ||
| action_result.data.*.billing_contact.phone.value | string | ||
| action_result.data.*.billing_contact.postal.count | numeric | ||
| action_result.data.*.billing_contact.postal.value | string | ||
| action_result.data.*.billing_contact.state.count | numeric | ||
| action_result.data.*.billing_contact.state.value | string | ||
| action_result.data.*.billing_contact.street.count | numeric | ||
| action_result.data.*.billing_contact.street.value | string | ||
| action_result.data.*.create_date.count | numeric | ||
| action_result.data.*.create_date.value | string | ||
| action_result.data.*.domain_risk.risk_score | numeric | ||
| action_result.data..email_domain..count | numeric | ||
| action_result.data..email_domain..value | string | ||
| action_result.data.*.expiration_date.count | numeric | ||
| action_result.data.*.expiration_date.value | string | ||
| action_result.data.*.first_seen.count | numeric | ||
| action_result.data.*.first_seen.value | string | ||
| action_result.data.*.google_analytics.count | numeric | ||
| action_result.data.*.google_analytics.value | string | ||
| action_result.data..ip..address.count | numeric | ||
| action_result.data..ip..address.value | string | ||
| action_result.data..ip..asn.*.count | numeric | ||
| action_result.data..ip..asn.*.value | string | ||
| action_result.data..ip..country_code.count | numeric | ||
| action_result.data..ip..country_code.value | string | ||
| action_result.data..ip..isp.count | numeric | ||
| action_result.data..ip..isp.value | string | ||
| action_result.data..mx..domain.count | numeric | ||
| action_result.data..mx..domain.value | string | ||
| action_result.data..mx..host.count | numeric | ||
| action_result.data..mx..host.value | string | ||
| action_result.data..mx..ip.*.count | numeric | ||
| action_result.data..mx..ip.*.value | string | ||
| action_result.data..name_server..domain.count | numeric | ||
| action_result.data..name_server..domain.value | string | ||
| action_result.data..name_server..host.count | numeric | ||
| action_result.data..name_server..host.value | string | ||
| action_result.data..name_server..ip.*.count | numeric | ||
| action_result.data..name_server..ip.*.value | string | ||
| action_result.data.*.redirect.count | numeric | ||
| action_result.data.*.redirect.value | string | ||
| action_result.data.*.redirect_domain.count | numeric | ||
| action_result.data.*.redirect_domain.value | string | ||
| action_result.data.*.registrant_contact.city.count | numeric | ||
| action_result.data.*.registrant_contact.city.value | string | ||
| action_result.data.*.registrant_contact.country.count | numeric | ||
| action_result.data.*.registrant_contact.country.value | string | ||
| action_result.data..registrant_contact.email..value | string | ||
| action_result.data..registrant_contact.email..count | numeric | ||
| action_result.data.*.registrant_contact.fax.count | numeric | ||
| action_result.data.*.registrant_contact.fax.value | string | ||
| action_result.data.*.registrant_contact.name.count | numeric | ||
| action_result.data.*.registrant_contact.name.value | string | ||
| action_result.data.*.registrant_contact.org.count | numeric | ||
| action_result.data.*.registrant_contact.org.value | string | ||
| action_result.data.*.registrant_contact.phone.count | numeric | ||
| action_result.data.*.registrant_contact.phone.value | string | ||
| action_result.data.*.registrant_contact.postal.count | numeric | ||
| action_result.data.*.registrant_contact.postal.value | string | ||
| action_result.data.*.registrant_contact.state.count | numeric | ||
| action_result.data.*.registrant_contact.state.value | string | ||
| action_result.data.*.registrant_contact.street.count | numeric | ||
| action_result.data.*.registrant_contact.street.value | string | ||
| action_result.data.*.registrant_name.count | numeric | ||
| action_result.data.*.registrant_name.value | string | ||
| action_result.data.*.registrant_org.count | numeric | ||
| action_result.data.*.registrant_org.value | string | ||
| action_result.data.*.registrar.count | numeric | ||
| action_result.data.*.registrar.value | string | ||
| action_result.data.*.server_type.count | numeric | ||
| action_result.data.*.server_type.value | string | ||
| action_result.data..soa_email..count | numeric | ||
| action_result.data..soa_email..value | string | ||
| action_result.data..ssl_info..alt_names.*.count | numeric | ||
| action_result.data..ssl_info..alt_names.*.value | string | ||
| action_result.data..ssl_info..common_name.count | numeric | ||
| action_result.data..ssl_info..common_name.value | string | ||
| action_result.data..ssl_info..duration.count | numeric | ||
| action_result.data..ssl_info..duration.value | string | ||
| action_result.data..ssl_info..email.*.count | numeric | ||
| action_result.data..ssl_info..email.*.value | string | ||
| action_result.data..ssl_info..hash.count | numeric | ||
| action_result.data..ssl_info..hash.value | string | ||
| action_result.data..ssl_info..issuer_common_name.count | numeric | ||
| action_result.data..ssl_info..issuer_common_name.value | string | ||
| action_result.data..ssl_info..not_after.count | numeric | ||
| action_result.data..ssl_info..not_after.value | string | ||
| action_result.data..ssl_info..not_before.count | numeric | ||
| action_result.data..ssl_info..not_before.value | string | ||
| action_result.data..ssl_info..organization.count | numeric | ||
| action_result.data..ssl_info..organization.value | string | ||
| action_result.data..ssl_info..subject.count | numeric | ||
| action_result.data..ssl_info..subject.value | string | ||
| action_result.data..tags..label | string | ||
| action_result.data..tags..scope | string | ||
| action_result.data..tags..tagged_at | string | ||
| action_result.data.*.technical_contact.city.count | numeric | ||
| action_result.data.*.technical_contact.city.value | string | ||
| action_result.data.*.technical_contact.country.count | numeric | ||
| action_result.data.*.technical_contact.country.value | string | ||
| action_result.data.*.technical_contact.fax.count | numeric | ||
| action_result.data.*.technical_contact.fax.value | string | ||
| action_result.data.*.technical_contact.name.count | numeric | ||
| action_result.data.*.technical_contact.name.value | string | ||
| action_result.data.*.technical_contact.org.count | numeric | ||
| action_result.data.*.technical_contact.org.value | string | ||
| action_result.data.*.technical_contact.phone.count | numeric | ||
| action_result.data.*.technical_contact.phone.value | string | ||
| action_result.data.*.technical_contact.postal.count | numeric | ||
| action_result.data.*.technical_contact.postal.value | string | ||
| action_result.data.*.technical_contact.state.count | numeric | ||
| action_result.data.*.technical_contact.state.value | string | ||
| action_result.data.*.technical_contact.street.count | numeric | ||
| action_result.data.*.technical_contact.street.value | string | ||
| action_result.data.*.tld | string | ||
| action_result.summary | string | ||
| action_result.data.*.website_title.count | numeric | ||
| action_result.data.*.website_title.value | string | ||
| action_result.summary | string | ||
| action_result.message | string | ||
| summary.total_objects | numeric | 1 | |
| summary.total_objects_successful | numeric | 1 |
Configure Scheduled Playbooks¶
Run on initial setup to configure the optional monitoring playbooks. This action creates a custom list to manage the playbook scheduling and run status.
Type: Investigate Read only: True
Action Parameters¶
This action requires no parameters.
Action Output¶
| Data Path | Type | Contains | Example Values |
|---|---|---|---|
| action_result.status | string | failed success | |
| action_result.data.* | string | ||
| action_result.summary | string | ||
| action_result.message | string | ||
| summary.total_objects | numeric | 1 | |
| summary.total_objects_successful | numeric | 1 |
On Poll¶
Execute scheduled playbooks based on the set interval in domaintools_scheduled_playbooks custom list. Smaller intervals result in more accurate schedules.
Type: ingest Read only: True
Action Parameters¶
No parameters are required for this action.
Action Output¶
No Output