Iris Enrich
DomainTools

Automate domain threat enrichment with Iris Enrich for faster, smarter security decisions.

Product details

Overview

DomainTools Iris Enrich is a robust API solution designed to integrate comprehensive domain intelligence into security operations. It enables security teams to enrich domain and IP indicators with critical context, facilitating rapid triage, investigation, and response. By leveraging data such as Whois records, DNS information, SSL certificates, and risk scoring, Iris Enrich provides actionable insights that enhance the effectiveness of SIEM, SOAR, and other security tools. Its REST-based, OpenAPI-compatible design ensures seamless integration into existing security infrastructures, supporting high-volume queries and delivering timely, accurate data to bolster defense capabilities.

Features and Capabilities

  • High-Volume Data Enrichment: Capable of enriching at least 6,000 domains per minute with multiple attributes, including domain risk scores, Whois, RDAP, IP, active DNS, website, and SSL data.
  • Comprehensive Domain Intelligence: Provides extensive Whois data, including creation dates, registrant information, and domain status, as well as DNS resolutions for hosting, MX, and name servers.
  • SSL/TLS Certificate Analysis: Offers detailed SSL certificate information, such as hash, subject, organization, and associated email data, aiding in the identification of malicious infrastructure.
  • Timely and Accurate Data: Utilizes a best-in-class infrastructure discovery engine to provide early context on newly registered domains and emerging attack campaigns, with near real-time risk scoring.
  • Adaptable Integration: Designed to integrate seamlessly with SIEM, SOAR, and other security tools, supporting high query volumes and providing actionable insights at scale.
  • Flexible API Design: The REST-based, OpenAPI-compatible API allows for easy incorporation into internal tools, enabling customized rate limiting and optimized domain name enrichment.
  • Extensive Data Coverage: Access to the industry's largest domain database, with over 360 million active domains and over 95% coverage across all top-level domains (TLDs).
  • Sophisticated Data Associations: Employs advanced algorithms to establish connections across datasets, accelerating threat detection and response.
  • Use Case Versatility: Applicable to various scenarios, including threat hunting, fraud detection, ransomware analysis, phishing prevention, brand protection, and adversary infrastructure mapping.