
DomainTools Iris Investigate

By DomainTools LLC
Map connected infrastructure, correlations, attribution, domains, and more to surface meaningful insights.
# Infrastructure & Network Information # Recon # Fraud & Abuse # Incident Response

DomainTools Iris Investigate Transforms for Maltego

DomainTools is the global leader for internet intelligence and the first place security practitioners go when they need to know. The world’s most advanced security teams use our solutions to identify external risks, investigate threats, and proactively protect their organizations in a constantly evolving threat landscape.

DomainTools collects Open Source Intelligence (OSINT) data from many sources and joins it with some 20 years' worth of historical data to expose and characterize the infrastructure adversaries use in attack campaigns of all kinds, including ransomware, business email compromise, and espionage.

Together, DomainTools and Maltego have simplified cyber investigations, providing actionable insights and speeding up the investigative process. The integration brings the rich DNS, Whois, and beyond-Whois datasets of DomainTools Iris Investigate into Maltego, so an analyst can move from the DomainTools Iris user interface directly to the Maltego graph without breaking the workflow.

The DomainTools solution for Maltego extends the domain name dataset and pivot capabilities of DomainTools to the Maltego graph, enabling investigators and analysts to map connected infrastructure, run correlations, examine attribution, and highlight risky domains in order to surface meaningful insights.


Typical Users of DomainTools Iris Investigate Data

  • Threat Hunters and Network Defenders
  • SOC Analysts
  • Law Enforcement and Anti-Fraud Analysts
  • Incident Responders

Integration Benefits

Propels investigations

Investigators can transform a domain name from any source into a comprehensive set of entities, connections, and dynamic properties to reveal actors, surface infrastructure, and highlight risk. These new entities greatly increase the chance of intersection with existing graph data from other sources, helping expose key features of emerging or existing campaigns.

Guides and supports analytical workflows

Analysts can quickly identify which graph node to pivot on by consulting the Guided Pivot counts, which indicate the number of domain records in the Iris database that contain the same data point. A data point shared by only a handful of domains (an unusual registrant email, a reused TLS certificate hash, a small dedicated IP range) is a strong candidate for a pivot, whereas one shared by a very large number of records (a big registrar's name servers, a shared hosting IP) is too generic to connect anything. From there, analysts can infer connections between one domain and another and map out a threat actor or group's infrastructure patterns.

Builds confidence in investigative conclusions

DomainTools has made its name collecting, organizing, and provisioning the most comprehensive, timely, and accurate Internet infrastructure data available anywhere. Investigations using DomainTools and Maltego are based on ground-truth data observed across the entire Internet and updated in near real time.

Leverage DomainTools Iris Data for

Threat Hunting

By developing a more complete picture of the infrastructure adversaries are using in campaigns, threat hunters can identify patterns of infrastructure use that allow them to anticipate future moves by adversaries. This enables blocking or alerting on emerging campaigns before they cause further harm.

Incident Response

Given a network indicator of compromise such as a domain or IP address associated with suspicious traffic, incident responders can use the DomainTools Maltego integration to find correlated infrastructure, then check whether any of it intersects with other, previously unflagged traffic from the protected environment.
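The Guided Pivot ranking described under "Guides and supports analytical workflows" and the incident-response intersection described just above, as one added example in Python. This is not DomainTools' or Maltego's code and does not call the Iris API: it runs against a constructed in-memory set of Iris-style domain records and constructed resolver log lines. The field names, the `max_count` ceiling, and the log line format are assumptions made for the example.

```python
"""Guided-pivot ranking and DNS-log intersection over constructed sample data.

Assumptions (not DomainTools' data model or API): each record carries the
pivotable data points below, and resolver logs are one query per line.
"""
import re
from collections import defaultdict

PIVOT_FIELDS = ("registrant_email", "name_server", "ip", "ssl_hash")

# Constructed sample "Iris-style" records (RFC 2606 names, RFC 5737 addresses).
DOMAIN_RECORDS = [
    {"domain": "secure-login-portal.example", "registrant_email": "ops@mailbox.example",
     "name_server": ["ns1.bulkdns.example", "ns2.bulkdns.example"],
     "ip": "198.51.100.23", "ssl_hash": "aa11"},
    {"domain": "account-verify.example", "registrant_email": "ops@mailbox.example",
     "name_server": ["ns1.bulkdns.example", "ns2.bulkdns.example"],
     "ip": "198.51.100.24", "ssl_hash": "aa11"},
    {"domain": "invoice-update.example", "registrant_email": "ops@mailbox.example",
     "name_server": ["ns1.bulkdns.example", "ns2.bulkdns.example"],
     "ip": "203.0.113.7", "ssl_hash": "bb22"},
    {"domain": "shop-legit.example", "registrant_email": "admin@shop-legit.example",
     "name_server": ["ns1.bulkdns.example", "ns2.bulkdns.example"],
     "ip": "203.0.113.40", "ssl_hash": "cc33"},
    {"domain": "news-site.example", "registrant_email": "privacy@registrar.example",
     "name_server": ["ns1.bulkdns.example", "ns2.bulkdns.example"],
     "ip": "192.0.2.5", "ssl_hash": "dd44"},
    {"domain": "blog-host.example", "registrant_email": "privacy@registrar.example",
     "name_server": ["ns1.bulkdns.example", "ns2.bulkdns.example"],
     "ip": "192.0.2.6", "ssl_hash": "ee55"},
]

# Constructed resolver log lines from the "protected environment".
DNS_LOG = [
    "2024-03-04T10:15:02Z src=10.0.0.15 qname=news-site.example qtype=A",
    "2024-03-04T10:16:41Z src=10.0.0.15 qname=account-verify.example qtype=A",
    "2024-03-04T10:17:05Z src=10.0.0.22 qname=invoice-update.example qtype=A",
    "2024-03-04T10:17:09Z src=10.0.0.22 qname=shop-legit.example qtype=A",
    "2024-03-04T10:18:30Z src=10.0.0.31 qname=ACCOUNT-VERIFY.example. qtype=AAAA",
]
LOG_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) qname=(?P<qname>\S+) qtype=(?P<qtype>\S+)$")


def data_points(record):
    """Yield every (field, value) data point of a record; list-valued fields expand."""
    for field in PIVOT_FIELDS:
        value = record.get(field)
        if value is None:
            continue
        for v in (value if isinstance(value, list) else [value]):
            yield field, v


def pivot_counts(records):
    """Guided Pivot count: number of distinct domain records containing each data point."""
    seen = defaultdict(set)
    for rec in records:
        for point in data_points(rec):
            seen[point].add(rec["domain"])
    return {point: len(domains) for point, domains in seen.items()}


def guided_pivots(seed, records, max_count=5):
    """Rank the seed's data points as pivots, rarest first.

    A count of 1 links nothing (only the seed has it); a count above max_count
    is too generic to attribute (e.g. a bulk registrar's name servers).
    max_count is an analyst-chosen ceiling sized for this tiny sample.
    """
    counts = pivot_counts(records)
    seed_rec = next((r for r in records if r["domain"] == seed), None)
    if seed_rec is None:
        raise ValueError(f"no record for {seed}")
    usable = [(field, value, counts[(field, value)])
              for field, value in data_points(seed_rec)
              if 2 <= counts[(field, value)] <= max_count]
    return sorted(usable, key=lambda t: (t[2], t[0], t[1]))


def expand(seed, records, max_count=5):
    """Domains reachable from the seed through one usable pivot, with the linking data points."""
    linked = {}
    for field, value, _ in guided_pivots(seed, records, max_count):
        for rec in records:
            if rec["domain"] != seed and (field, value) in set(data_points(rec)):
                linked.setdefault(rec["domain"], []).append((field, value))
    return linked


def intersect_dns_log(domains, log_lines):
    """Internal hosts that resolved any correlated domain; qnames normalised (case, trailing dot)."""
    hits = defaultdict(set)
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than silently match nothing
        qname = m["qname"].rstrip(".").lower()
        if qname in domains:
            hits[qname].add(m["src"])
    return {d: sorted(srcs) for d, srcs in hits.items()}


def investigate(seed, records=DOMAIN_RECORDS, log_lines=DNS_LOG, max_count=5):
    """Seed indicator -> ranked pivots -> correlated domains -> hosts that touched them."""
    linked = expand(seed, records, max_count)
    return {"pivots": guided_pivots(seed, records, max_count),
            "linked": linked,
            "hits": intersect_dns_log(set(linked), log_lines)}


if __name__ == "__main__":
    for key, val in investigate("secure-login-portal.example").items():
        print(key, val)
```

Seeding with `secure-login-portal.example` ranks the shared certificate hash ahead of the shared registrant email, links two further domains, and shows that three internal hosts resolved them even though only the seed was flagged. Note that `news-site.example` also gets a low-count pivot on `privacy@registrar.example`: a low count is a hint, not proof, and privacy-proxy or registrar placeholder contacts are the classic false pivot an analyst has to recognise and discard.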

Fraud or Crime Analysis

By uniting the DomainTools Iris Investigate database of Internet infrastructure data with other sources that characterize criminal activity or actors, analysts can develop key insights and collect evidence on cybercrime and fraud events.

Resources

Articles

Investigator Toolkit November 2022: Cheat Sheets for Faster and Spot-on Workflows

Case Studies

Investigating Fake Crypto Exchanges with Maltego, DomainTools & WhoisXML API

Articles

How to Conduct Person of Interest Investigations Using OSINT and Maltego

Articles

Hunting Phishing Sites in the Festive Season with Maltego

Webinars

Webinar | Put the "Go" in the Maltego with DomainTools Iris

Webinars

Webinar | Enrich your investigations for Maltego with DomainTools Iris

Webinars

Webinar | Accelerating Threat Intelligence Investigations with DomainTools and Maltego

Webinars

Webinar | Transform Your Investigations with DomainTools and Maltego

Webinars

Webinar | Examining the Infrastructure of the Disneyland Malware Team with DomainTools

Briefs

DomainTools Iris Solution in Maltego

Videos

How to Conduct Network Footprinting Using Maltego in 5 Minutes

Others

DomainTools Maltego Integration


About DomainTools

DomainTools constantly monitors the Internet and brings together the most comprehensive and trusted domain, website and DNS data to provide immediate context and machine-learning driven risk analytics delivered in near real-time. Visit domaintools.com to experience firsthand why DomainTools is the first stop for advanced security teams when they need to know.