Domain Discovery Feed
DomainTools

Enhance detection and blocking of risky infrastructure.

Product details

Overview

The Domain Risk Feed and Hotlist by DomainTools is a daily-updated, predictive threat intelligence solution designed to identify and prioritize high-risk domains. It is built on the DomainTools Risk Score, which combines machine-learning analysis of a domain's proximity to known malicious domains and of its threat profile, so that organizations can detect and mitigate potential threats before they materialize. The feed supports security operations by providing timely insight into domains that exhibit malicious characteristics, which can then drive blocking and detection.

Features and Capabilities

  • **Daily Updates:** The feed is refreshed every 24 hours, ensuring that the most recent and relevant threat data is available for analysis.
  • **Risk Scoring:**
    • Utilizes the DomainTools Risk Score, which assesses domains based on:
      • Proximity: Evaluates how closely a domain is connected to other known malicious domains.
      • Threat Profile: Analyzes intrinsic domain properties to determine resemblance to domains used for spam, phishing, or malware.
  • **Passive DNS Activity Monitoring:**
    • Incorporates data from passive DNS (pDNS) to identify domains that are actively resolving, indicating operational status.
  • **High-Risk Domain Identification:**
    • Focuses on domains with:
      • Threat Profile scores of 90 and above
      • Proximity scores of 70 and above
      • Recent pDNS activity within the last day
  • **Prioritized Domain Listing:** Domains are ranked based on their risk scores, with the most concerning domains listed at the top, facilitating efficient threat response.
  • **Integration Capabilities:** Designed to seamlessly integrate with Security Information and Event Management (SIEM) systems, Security Orchestration, Automation, and Response (SOAR) platforms, and other security tools to enhance threat detection and response workflows.
  • **Comprehensive Coverage:** Draws upon data points from over 330 million current internet domains, providing extensive visibility into potential threats.
  • **Predictive Threat Detection:** Aims to identify domains registered with malicious intent before they are weaponized, allowing for preemptive security measures.