
Aug 28, 2024
1.0.0
ThreatQ Versions >= 5.12.1
DomainTools Action
Overview
The DomainTools Action for ThreatQ allows users to perform automated bulk lookups against DomainTools' Iris API. This API provides information such as risk scores, popularity ranks, threats, and more. The enrichment data provided by this action can be used to make more informed decisions when prioritizing domains for further investigation or blacklisting.
The integration provides the following action:
- DomainTools Iris - Enrich Domains - enriches domains using the Iris Enrich/Investigate APIs.
The action is compatible with FQDN type indicators.
The action returns enriched FQDN and IP Address type indicators.
Note: This action is intended for use with ThreatQ TDR Orchestrator (TQO). An active TQO license is required for this feature.