DomainTools Iris

DomainTools Iris is a Threat Intelligence and Investigative Platform that combines enterprise grade domain intelligence and risk scoring with passive DNS data from Farsight and other top-tier providers.

With DomainTools Iris’s Maltego Transforms, investigators can perform infrastructure risk assessment and seamlessly integrate workflows into a Maltego Graph and vice versa. These Transforms enable investigators to map connected infrastructure, run correlations, look at attribution, highlight risky domains, etc. to surface meaningful insights.

Benefits

• Extending the rich DNS, Whois, and beyond Whois datasets, with these transforms Analysts can increase the chance of intersection with existing graph data from other data sources to open up new investigative pathways.
• 40+ Transforms that query the DomainTools Iris dataset and return domain names that share the same attributes as the value of the entity.
• Pivot and infer connections between different domains, assisting with mapping out a potential threat actor or group’s TTPs (tactics, techniques, and procedures) using guided pivots.

Typical users of this data

• Threat Intel Teams
• Online Fraud & Brand Fraud Investigators
• Security Analysts
• Incident Response Teams
• Hunt Teams and Cyber Forensic Investigators
• Corporate securing teams requiring domain-based risk assessment