DomainTools Iris Investigate for Microsoft Sentinel

Solution: DomainTools


| Attribute | Value |
|---|---|
| Publisher | DomainTools |
| Support Tier | Partner |
| Support Link | https://www.domaintools.com/support/ |
| Categories | domains |
| Version | 3.0.0 |
| Author | DomainTools - memberservices@domaintools.com |
| First Published | 2022-10-20 |
| Last Updated | 2025-12-14 |
| Solution Folder | DomainTools |
| Marketplace | Azure Marketplace · Rating: ★★★★★ 5.0/5 (1 ratings) · Popularity: 🔵 Medium (57%) |

The DomainTools Iris Investigate solution for Microsoft Sentinel contains playbooks that can help enrich and investigate domains with domain risk score, malicious tags, URLs and DNS data from DomainTools. This enriched and investigated information can help drive better analysis in security operations.

Data Connectors

This solution does not include data connectors.

This solution may contain other components such as analytics rules, workbooks, hunting queries, or playbooks.

Content Items

This solution includes 9 content item(s):

| Content Type | Count |
|---|---|
| Playbooks | 8 |
| Parsers | 1 |

Playbooks

| Name | Description | Tables Used |
|---|---|---|
| Domain ASIM Enrichment - DomainTools Iris Enrich | Given a domain or set of domains associated with an alert return all Iris Enrich data for those doma... | - |
| Domain Enrichment - DomainTools Iris Enrich | Given a domain or set of domains associated with an incident return all Iris Enrich data for those d... | - |
| Domain Enrichment - DomainTools Iris Investigate | Given a domain or set of domains associated with an incident return all Iris Investigate data for th... | - |
| DomainTools DNSDB Co-Located Hosts | This playbook uses the Farsight DNSDB connector to automatically enrich Domains found in the Micros... | - |
| DomainTools DNSDB Co-Located IP Addresses | This playbook uses the Farsight DNSDB connector to automatically enrich IP Addresses found in the Mi... | - |
| DomainTools DNSDB Historical Hosts | This playbook uses the Farsight DNSDB connector to automatically enrich Domains found in the Micros... | - |
| DomainTools DNSDB Historical IP Addresses | This playbook uses the Farsight DNSDB connector to automatically enrich IP Addresses found in the Mi... | - |
| IP Enrichment - DomainTools Parsed Whois | This playbook uses the DomainTools Parsed Whois API. Given an IP address or set of IP addresses assoc... | - |

Parsers

| Name | Description | Tables Used |
|---|---|---|
| DomainToolsDNS | - | - |

Release Notes

| Version | Date Modified (DD-MM-YYYY) | Change History |
|---|---|---|
| 3.0.0 | 29-01-2024 | App insights to LA change in data connector and repackage |
