Skip to content

Pivot Engine overview

The Pivot Engine is the central hub for discovering connections between domains. It aggregates search results, displays key data points, and enables you to pivot on specific values to advance your investigation.

What is the Pivot Engine?

The Pivot Engine displays search results in a table format with pivotable data points. Each row represents a domain, and each column shows a specific attribute (email, IP address, registrar, etc.). Right-clicking any value opens the Operations Menu, which lets you:

  • Create new searches based on that value
  • Narrow or expand your current search
  • Exclude results containing that value
  • Inspect the value in relevant data panels

Key features

Aggregated results

The Pivot Engine consolidates search results and displays them in a scannable table format. You can:

  • Sort by any column
  • Customize which columns are visible
  • Page through large result sets
  • Export results to CSV or STIX formats

Pivotable data points

Most data types in the Pivot Engine can function as pivot points. Common pivot types include:

  • IP addresses
  • Email addresses
  • Registrant names and organizations
  • Name servers
  • SSL certificate hashes
  • Web analytics codes
  • Registrars

Guided pivots

Iris Investigate highlights fields that can pivot to 500 or fewer domains—a range that typically indicates useful investigation targets. These guided pivots show:

  • The count of domains sharing that value
  • The average risk score of connected domains
  • Visual highlighting to draw attention to promising leads

For more details, see Guided Pivots.

How to use the Pivot Engine

  1. Execute a search: Results populate the Pivot Engine.
  2. Review results: Scan the table for interesting patterns or connections.
  3. Select a domain: Click a domain to populate other data panels with its information.
  4. Pivot on values: Right-click any value to open the Operations Menu and create new searches.

Pivot Engine location

The Pivot Engine appears as the leftmost panel in the Iris Investigate interface after executing a search. It remains visible as you navigate through your investigation, allowing you to:

  • Return to your results at any time
  • Select different domains to inspect
  • Create new pivots without losing your place

Result limits

The Pivot Engine displays search results with the following limits:

  • Default page size: 20 results per page
  • Maximum results: Varies by search type
  • Stats aggregation: First 2,500 records for statistical analysis

Use pagination controls at the top of the Pivot Engine to navigate through large result sets.

Next steps