Indicator Pivoting - DomainTools Iris

Gathers data through pivots that share a common attribute with a domain. For instance, pivoting on an IP address will give you back all domains related to that IP address.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

This playbook does not use any sub-playbooks.

Integrations

  • DomainTools Iris

Scripts

This playbook does not use any scripts.

Commands

  • domaintoolsiris-pivot

Playbook Inputs


NameDescriptionDefault ValueSourceRequired
IPAddressThe IP address to pivot.AddressIPOptional
EmailAddressThe Email address for which to pivot.Email.AddressAccountOptional
NameServerIPAddressThe name server IP address for which to pivot.--Optional
SSLHashThe SSL Hash for which to pivot.--Optional
NameServerHostNameThe name server host name for which to pivot.--Optional
MailServerHostNameThe mail server host name for which to pivot.--Optional
IPAddressCountThe number of matches for the IP address.--Optional
EmailAddressCountThe number of matches for the email address.--Optional
NameServerIPAddressCountThe number of matches for the name server IP address.--Optional
SSLHashCountThe number of matches for the SSL Hash.--Optional
NameServerHostNameCountThe number of matches for the name server host name.--Optional
MailServerHostNameCountThe number of matches for the mail server host name.--Optional
PivotThresholdThe threshold for matches less than to pivot on.500-Optional

Playbook Outputs


PathDescriptionType
DomainTools.PivotedDomains.NameThe DomainTools domain name.String
DomainTools.PivotedDomains.LastEnrichedThe last time DomainTools enriched domain data.Date
DomainTools.PivotedDomains.Analytics.OverallRiskScoreThe DomainTools overall risk score.Number
DomainTools.PivotedDomains.Analytics.ProximityRiskScoreThe DomainTools proximity risk score.Number
DomainTools.PivotedDomains.Analytics.ThreatProfileRiskScore.RiskScoreThe DomainTools threat profile risk score.Number
DomainTools.PivotedDomains.Analytics.ThreatProfileRiskScore.ThreatsThe DomainTools threat profile threats.String
DomainTools.PivotedDomains.Analytics.ThreatProfileRiskScore.EvidenceThe DomainTools threat profile evidence.String
DomainTools.PivotedDomains.Analytics.WebsiteResponseCodeThe website response code.Number
DomainTools.PivotedDomains.Analytics.AlexaRankThe Alexa rank.Number
DomainTools.PivotedDomains.Analytics.TagsThe DomainTools Tags.String
DomainTools.PivotedDomains.Identity.RegistrantNameThe name of the registrant.String
DomainTools.PivotedDomains.Identity.RegistrantOrgThe organization of the registrant.String
DomainTools.PivotedDomains.Identity.RegistrantContact.Country.valueThe country value of the registrant contact.String
DomainTools.PivotedDomains.Identity.RegistrantContact.Country.countThe country count of the registrant contact.Number
DomainTools.PivotedDomains.Identity.RegistrantContact.Email.valueThe email value of the registrant contact.String
DomainTools.PivotedDomains.Identity.RegistrantContact.Email.countThe email count of the registrant contact.Number
DomainTools.PivotedDomains.Identity.RegistrantContact.Name.valueThe name value of the registrant contact.String
DomainTools.PivotedDomains.Identity.RegistrantContact.Name.countThe name count of the registrant contact.Number
DomainTools.PivotedDomains.Identity.RegistrantContact.Phone.valueThe phone value of the registrant contact.String
DomainTools.PivotedDomains.Identity.RegistrantContact.Phone.countThe phone count of the registrant contact.Number
DomainTools.PivotedDomains.Identity.SOAEmailThe SOA record Email.String
DomainTools.PivotedDomains.Identity.SSLCertificateEmailThe SSL certificate email.String
DomainTools.PivotedDomains.Identity.AdminContact.Country.valueThe country value of the administrator contact.String
DomainTools.PivotedDomains.Identity.AdminContact.Country.countThe country count of the administrator contact.Number
DomainTools.PivotedDomains.Identity.AdminContact.Email.valueThe email value of the administrator contact.String
DomainTools.PivotedDomains.Identity.AdminContact.Email.countThe email count of the administrator contact.Number
DomainTools.PivotedDomains.Identity.AdminContact.Name.valueThe name value of the administrator contact.String
DomainTools.PivotedDomains.Identity.AdminContact.Name.countThe name count of the administrator contact.Number
DomainTools.PivotedDomains.Identity.AdminContact.Phone.valueThe phone value of the administrator contact.String
DomainTools.PivotedDomains.Identity.AdminContact.Phone.countThe phone count of the administrator contact.Number
DomainTools.PivotedDomains.Identity.TechnicalContact.Country.valueThe country value of the technical contact.String
DomainTools.PivotedDomains.Identity.TechnicalContact.Country.countThe country count of the technical contact.Number
DomainTools.PivotedDomains.Identity.TechnicalContact.Email.valueThe email value of the technical contact.String
DomainTools.PivotedDomains.Identity.TechnicalContact.Email.countThe email count of the technical contact.Number
DomainTools.PivotedDomains.Identity.TechnicalContact.Name.valueThe name value of the technical contact.String
DomainTools.PivotedDomains.Identity.TechnicalContact.Name.countThe name count of the technical contact.Number
DomainTools.PivotedDomains.Identity.TechnicalContact.Phone.valueThe phone value of the technical contact.String
DomainTools.PivotedDomains.Identity.TechnicalContact.Phone.countThe phone count of the technical contact.Number
DomainTools.PivotedDomains.Identity.BillingContact.Country.valueThe country value of the billing contact.String
DomainTools.PivotedDomains.Identity.BillingContact.Country.countThe country count of the billing contact.Number
DomainTools.PivotedDomains.Identity.BillingContact.Email.valueThe email value of the billing contact.String
DomainTools.PivotedDomains.Identity.BillingContact.Email.countThe email count of the billing contact.Number
DomainTools.PivotedDomains.Identity.BillingContact.Name.valueThe name value of the billing contact.String
DomainTools.PivotedDomains.Identity.BillingContact.Name.countThe name count of the billing contact.Number
DomainTools.PivotedDomains.Identity.BillingContact.Phone.valueThe phone value of the billing contact.String
DomainTools.PivotedDomains.Identity.BillingContact.Phone.countThe phone count of the billing contact.Number
DomainTools.PivotedDomains.Identity.EmailDomainsThe email domains.String
DomainTools.PivotedDomains.Identity.AdditionalWhoisEmails.valueThe value of the additional Whois emails.String
DomainTools.PivotedDomains.Identity.AdditionalWhoisEmails.countThe count of the additional Whois emails.Number
DomainTools.PivotedDomains.Registration.DomainRegistrantThe registrant of the domain.String
DomainTools.PivotedDomains.Registration.RegistrarStatusThe status of the registrar.String
DomainTools.PivotedDomains.Registration.DomainStatusThe active status of the domain.Boolean
DomainTools.PivotedDomains.Registration.CreateDateThe date the domain was created.Date
DomainTools.PivotedDomains.Registration.ExpirationDateThe expiry date of the domain.Date
DomainTools.PivotedDomains.Hosting.IPAddresses.address.valueThe address value of the IP Addresses.String
DomainTools.PivotedDomains.Hosting.IPAddresses.address.countThe address count of the IP Addresses.Number
DomainTools.PivotedDomains.Hosting.IPAddresses.asn.valueThe ASN value of the IP Addresses.String
DomainTools.PivotedDomains.Hosting.IPAddresses.asn.countThe ASN count of the IP Addresses.Number
DomainTools.PivotedDomains.Hosting.IPAddresses.country_code.valueThe country code value of the IP Addresses.String
DomainTools.PivotedDomains.Hosting.IPAddresses.country_code.countThe country code count of the IP Addresses.Number
DomainTools.PivotedDomains.Hosting.IPAddresses.isp.valueThe ISP value of the IP Addresses.String
DomainTools.PivotedDomains.Hosting.IPAddresses.isp.countThe ISP count of the IP Addresses.Number
DomainTools.PivotedDomains.Hosting.IPCountryCodeThe country code of the IP address.String
DomainTools.PivotedDomains.Hosting.MailServers.domain.valueThe domain value of the mail servers.String
DomainTools.PivotedDomains.Hosting.MailServers.domain.countThe domain count of the mail servers.Number
DomainTools.PivotedDomains.Hosting.MailServers.host.valueThe host value of the mail servers.String
DomainTools.PivotedDomains.Hosting.MailServers.host.countThe host count of the mail servers.Number
DomainTools.PivotedDomains.Hosting.MailServers.ip.valueThe IP value of the mail servers.String
DomainTools.PivotedDomains.Hosting.MailServers.ip.countThe IP count of the mail servers.Number
DomainTools.PivotedDomains.Hosting.SPFRecordThe SPF record.String
DomainTools.PivotedDomains.Hosting.NameServers.domain.valueThe domain value of the DomainTools domains name servers.String
DomainTools.PivotedDomains.Hosting.NameServers.domain.countThe domain count of the domainTools Domains name servers.Number
DomainTools.PivotedDomains.Hosting.NameServers.host.valueThe host value of the DomainTools domains name servers.String
DomainTools.PivotedDomains.Hosting.NameServers.host.countThe host count of the DomainTools domains name servers.Number
DomainTools.PivotedDomains.Hosting.NameServers.ip.valueThe IP value of the DomainTools domains name servers.String
DomainTools.PivotedDomains.Hosting.NameServers.ip.countThe IP count of the DomainTools domains name servers.Number
DomainTools.PivotedDomains.Hosting.SSLCertificate.hash.valueThe hash value of the SSL certificate.String
DomainTools.PivotedDomains.Hosting.SSLCertificate.hash.countThe hash count of the SSL certificate.Number
DomainTools.PivotedDomains.Hosting.SSLCertificate.organization.valueThe organization value of the SSL certificate.String
DomainTools.PivotedDomains.Hosting.SSLCertificate.organization.countThe organization count of the SSL certificate.Number
DomainTools.PivotedDomains.Hosting.SSLCertificate.subject.valueThe subject value of the SSL certificate.String
DomainTools.PivotedDomains.Hosting.SSLCertificate.subject.countThe subject count of the SSL certificate.Number
DomainTools.PivotedDomains.Hosting.RedirectsTo.valueThe redirects to value of the domain.String
DomainTools.PivotedDomains.Hosting.RedirectsTo.countThe redirects to count of the domain.Number
DomainTools.PivotedDomains.Analytics.GoogleAdsenseTrackingCodeThe tracking code of Google Adsense.Number
DomainTools.PivotedDomains.Analytics.GoogleAnalyticTrackingCodeThe tracking code of Google Analytics.Number

Playbook Image


Indicator_Pivoting-DomainTools_Iris