DomainTools Iris
By DomainTools LLC

DomainTools Iris in the Transform Hub
DomainTools Iris is a Threat Intelligence and Investigative Platform that combines enterprise grade domain intelligence and risk scoring with passive DNS data from Farsight and other top-tier providers.
With DomainTools Iris’s Maltego Transforms, investigators can perform infrastructure risk assessment and seamlessly integrate workflows into a Maltego Graph and vice versa. These Transforms enable investigators to map connected infrastructure, run correlations, look at attribution, highlight risky domains, etc. to surface meaningful insights.
Benefits
- Extending the rich DNS, Whois, and beyond Whois datasets, with these transforms Analysts can increase the chance of intersection with existing graph data from other data sources to open up new investigative pathways
- 40+ Transforms that query the DomainTools Iris dataset and return domain names that share the same attributes as the value of the entity
- Pivot and infer connections between different domains, assisting with mapping out a potential threat actor or group’s TTPs (tactics, techniques, and procedures) using guided pivots
Typical Users of This Data
- Threat Intelligence Teams
- Online Fraud & Brand Fraud Investigators
- Security Analysts
- Incident Response Teams
- Hunt Teams and Cyber Forensic Investigators
- Corporate securing teams requiring domain-based risk assessment

Pricing & Access
Pricing Tier: Paid
Hub Type: Commercial Hub
Requirements: Maltego One, Classic or XL license & DomainTools Iris membership
Access: For sales inquiry or to purchase an API key, kindly reach out to Maltego using the form below.
Contact
Reach out to us to learn more about this data integration and how to access it.
About DomainTools
DomainTools helps security analysts turn threat data into Threat Intelligence. DomainTools connects indicators from a company’s network, including domain and IPs, with active domains on the Internet. Those connections inform about risk assessments, help profile attackers, guide online fraud investigations, and map cyber activity to attacker infrastructure. DomainTools has over 10 Billion related DNS data points to build a map of ‘who’s doing what’ on the Internet. Fortune 1000 companies, global government agencies, and leading security solution vendors use the DomainTools platform as a critical ingredient in their threat investigation and mitigation work.
For more information, visit: https://www.domaintools.com/
