DomainTools Iris

By DomainTools LLC
Map connected infrastructure, correlations, attribution, domains, and more to surface meaningful insights.
# Infrastructure & Network Information # Recon # Fraud & Abuse # Incident Response

DomainTools Iris Transforms for Maltego

With the world’s largest database of domain and DNS intelligence, DomainTools empowers analysts to develop key insights into the nature and extent of adversary holdings, based on a proven methodology of characterizing and connecting domains through the data points they have in common. Those connections inform risk assessments, help profile attackers, guide online fraud investigations, and map cyber activity to attacker infrastructure.

DomainTools collects Open Source Intelligence (OSINT) data from many sources, which it joins with some 20 years’ worth of historical data to expose and characterize the infrastructure adversaries use in various kinds of attack campaigns, including ransomware, business email compromise, espionage, and more.

Together, DomainTools and Maltego have simplified cyber investigations to provide actionable insights and expedite the investigation process. Extending the rich DNS, Whois, and beyond Whois datasets, DomainTools Iris integrates with Maltego to provide seamless workflows from the DomainTools Iris user interface directly to the Maltego graph.

The DomainTools solution for Maltego extends the rich domain name dataset and powerful pivot capabilities of DomainTools to the Maltego graph, enabling investigators and analysts to map connected infrastructure, run correlations, look at attribution, highlight risky domains, and more, to surface meaningful insights.


Typical Users of DomainTools Iris Data

  • Threat Hunters and Network Defenders
  • SOC Analysts
  • Law Enforcement and Anti-Fraud Analysts
  • Incident Responders

Integration Benefits

Propels investigations

Investigators can transform a domain name from any source into a comprehensive set of entities, connections, and dynamic properties to reveal actors, surface infrastructure, and highlight risk. These new entities greatly increase the chance of intersection with existing graph data from other sources, helping expose key features of emerging or existing campaigns.

Guides and supports analytical workflows

Analysts can quickly identify which graph node to pivot on by consulting the Guided Pivot counts, which indicate the number of domain records present in the Iris database that contain that same data point. From here, analysts can infer connections between one domain and another and map out a potential threat actor or group’s infrastructure patterns.

Builds confidence in investigative conclusions

DomainTools has made its name collecting, organizing, and provisioning the most comprehensive, timely, and accurate Internet infrastructure data available anywhere. Investigations using DomainTools and Maltego are based on ground-truth data observed across the entire Internet and updated in near real time.

Leverage DomainTools Iris Data for

Threat Hunting

By developing a more complete picture of the infrastructure adversaries are using in campaigns, threat hunters can identify patterns of infrastructure use that allow them to anticipate future moves by adversaries. This enables blocking or alerting on emerging campaigns before they cause further harm.

Incident Response

Given a DNS indicator of compromise such as a domain or IP address associated with suspicious traffic, incident responders can use the DomainTools Maltego integration to find correlated infrastructure that may intersect with other, previously un-flagged traffic from the protected environment.

Fraud or Crime Analysis

Uniting the DomainTools Iris database of Internet infrastructure data with other sources that characterize criminal activity or actors, analysts can develop key insights and collect evidence on cybercrime and fraud events.

Pricing & Access

Community Hub
Available only with a Maltego commercial license.
Commercial Hub
Users with a Maltego One license have the following access or purchase options.
Bring Your Own Key (Purchase Separately)
For full solution access, plug in your existing API key or reach out to us using the form below for purchase inquiry.

Resources

Case Studies

Investigating Fake Crypto Exchanges with Maltego, DomainTools & WhoisXML API

Webinars

Webinar | Put the "Go" in the Maltego with DomainTools Iris

Webinar | Enrich your investigations for Maltego with DomainTools Iris

Webinar | Accelerating Threat Intelligence Investigations with DomainTools and Maltego

Webinar | Transform Your Investigations with DomainTools and Maltego

Videos

How to Conduct Network Footprinting Using Maltego in 5 Minutes

Briefs

DomainTools Iris Solution in Maltego

Others

DomainTools Maltego Integration


About DomainTools

DomainTools helps security analysts turn threat data into threat intelligence. DomainTools connects indicators from a company’s network, including domains and IPs, with active domains on the Internet. Those connections inform risk assessments, help profile attackers, guide online fraud investigations, and map cyber activity to attacker infrastructure. DomainTools has over 10 billion related DNS data points to build a map of ‘who’s doing what’ on the Internet. Fortune 1000 companies, global government agencies, and leading security solution vendors use the DomainTools platform as a critical ingredient in their threat investigation and mitigation work.

For more information, visit: https://www.domaintools.com/