3
1.0.0
Washington DC, Vancouver
Incident Response and Threat Intelligence:
- When a security incident occurs within the organization, ServiceNow can automatically trigger DomainTools queries to gather comprehensive threat intelligence about the domains involved.
- The integration can enrich incident tickets with information such as domain ownership details, historical DNS records, associated IP addresses, and known malicious activities.
- Security analysts can leverage this enriched data to make informed decisions quickly, prioritize incidents effectively, and respond to threats more efficiently.
Phishing Investigation and Remediation:
- ServiceNow can integrate with DomainTools to streamline the process of investigating and mitigating phishing attacks.
- When a suspected phishing email is reported or detected, ServiceNow can automatically initiate DomainTools queries to gather information about the domains linked to the attack.
- Security teams can then analyze the domain's reputation, registration details, and historical associations to determine its legitimacy.
- If the domain is confirmed malicious, ServiceNow can facilitate the remediation process by automatically blocking the domain at the email gateway or updating firewall rules.
Third-Party Risk Management:
- Organizations can use ServiceNow to manage and assess the risks associated with their third-party vendors and partners.
- By integrating with DomainTools, ServiceNow can continuously monitor the domains of third-party entities for any signs of compromise or malicious activity.
- ServiceNow can automatically alert risk management teams when DomainTools identifies suspicious behavior or changes in domain status, enabling proactive risk mitigation measures.
- This integration helps businesses ensure the security and integrity of their supply chain and ecosystem by identifying and addressing potential vulnerabilities promptly.
Asset Management and Compliance:
- ServiceNow can leverage DomainTools integration to enhance asset management and compliance processes.
- By automatically querying DomainTools for domain-related information, ServiceNow can enrich asset records with details such as domain ownership, expiration dates, and associated infrastructure.
- This integration enables organizations to maintain an up-to-date inventory of their digital assets and ensure compliance with regulatory requirements.
- ServiceNow can also generate alerts for upcoming domain renewals or changes in registration details, helping organizations prevent inadvertent lapses in domain ownership and maintain business continuity.
Efficient Workflow Actions:
- Investigate Domain: Obtain infrastructure and Whois data for up to 100 domains effortlessly.
- Domain Risk Score: Prioritize triaging with DomainTools' risk score for effective incident management.
- Reverse IP: Explore domains associated with an IPv4 address via active DNS checks.
- Pivot by Registrant Name/Org: Easily retrieve domains matching specific Whois registrant details.
- Pivot by Nameserver/MX IP: Identify domains served by designated nameservers or mail servers.
- Reverse Email: Discover domains associated with an email address from various records.
- Return Domains from Search Hash: Import domains from Iris Investigate into the platform.
- Enrich Domain: Access infrastructure and Whois data for up to 100 domains with ease.
Comprehensive Playbooks:
- Iris Investigate Integration: Leverage Iris Investigate data for thorough incident analysis.
- Guided Pivots: Highlight common attributes among domains to guide investigators effectively.
- Malicious Tags Tracking: Monitor malicious activities by tagging domains of interest.
- Iris Enrich Domain: Utilize Iris Enrich API for high-volume domain infrastructure lookups.
Workflow Actions:
- Investigate Domain
- Domain Risk Score
- Investigate URL Domain
- Reverse IP
- Pivot by Registrant
- Pivot by Nameserver/MX
- Reverse Email
- Return Domains from Search Hash
- Enrich Domain
Playbooks Added:
- DomainTools Iris Investigate Domain
- DomainTools Iris Investigate Domain Risk Score
- DomainTools Iris Investigate URL Playbook
- DomainTools Iris Investigate Guided Pivots
- DomainTools Iris Investigate Malicious Tags
- DomainTools Iris Enrich Domain
Note: This release marks the initial launch of the application, providing users with a comprehensive suite of tools for domain investigation and incident response.
The integration requires the Security Incident Response and Threat Intelligence products.