DomainTools Iris Enrich
Enrich On-Network Indicators at Scale: DomainTools Iris Enrich supports high query volumes of domain name attributes, including Whois, DNS, SSL certificate, and risk scoring elements, to help build the context needed for appropriate disposition of indicators. It provides actionable insights at scale with enterprise-scale ingestion of DomainTools data on Microsoft Sentinel.
This connector is available in the following products and regions:
Service | Class | Regions |
---|---|---|
Logic Apps | Standard | All Logic Apps regions except the following: - Azure Government regions - Azure China regions - US Department of Defense (DoD) |
Power Automate | Premium | All Power Automate regions except the following: - US Government (GCC) - US Government (GCC High) - China Cloud operated by 21Vianet - US Department of Defense (DoD) |
Power Apps | Premium | All Power Apps regions except the following: - US Government (GCC) - US Government (GCC High) - China Cloud operated by 21Vianet - US Department of Defense (DoD) |
Contact | |
---|---|
Name | DomainTools Integrations |
URL | https://www.domaintools.com/integrations |
Email | [email protected] |
Connector Metadata | |
---|---|
Publisher | DomainTools, LLC |
Website | http://www.domaintools.com/ |
Privacy policy | https://www.domaintools.com/company/privacy-policy/ |
Categories | Security;Website |
Pre-requisites
You will need the following to proceed:
- A Microsoft Power Apps or Power Automate plan with the custom connector feature
- An Azure subscription
- DomainTools API Username
- DomainTools API Key
Support and documentation:
For all support requests and general queries, contact [email protected] or contact us.
Creating a connection
The connector supports the following authentication types:
Default | Parameters for creating connection. | All regions | Not shareable |
Default
Applicable: All regions
Parameters for creating connection.
This is not a shareable connection. If the power app is shared with another user, that user will be prompted to create a new connection explicitly.
Name | Type | Description | Required |
---|---|---|---|
API username | securestring | The API username for this API | True |
API key | securestring | The API key for this API | True |
Throttling Limits
Name | Calls | Renewal Period |
---|---|---|
API calls per connection | 100 | 60 seconds |
Actions
Enrich Domain | Retrieves the infrastructure and whois data associated with a domain or comma-separated list of up to 100 domains. |
Retrieve Account Information | Information of the active API endpoints, rate limits and usage for an account. |
Enrich Domain
Retrieves the infrastructure and whois data associated with a domain or comma-separated list of up to 100 domains.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Domain Name | domain | True | string | Domain (e.g. name.tld) to be investigated or comma-separated list of domains. |
Returns
- Body
- Enrich_Response
Retrieve Account Information
Information of the active API endpoints, rate limits and usage for an account.
Returns
Account Information Response
- Body
- Account_Response
Definitions
Account_Response
Account Information Response
Name | Path | Type | Description |
---|---|---|---|
API username | account.api_username | string | API username |
Active | account.active | boolean | Active |
products | products | array of object | Products Information |
ID | products.id | string | ID |
Per Month Limit | products.per_month_limit | string | Per Month Limit |
Per Minute Limit | products.per_minute_limit | string | Per Minute Limit |
Absolute Limit | products.absolute_limit | string | Absolute Limit |
Today Usage | products.usage.today | string | Today Usage |
Month Usage | products.usage.month | string | Month Usage |
Expiration Date | products.expiration_date | string | Expiration Date |
Enrich_Response
Name | Path | Type | Description |
---|---|---|---|
Limit Exceeded | response.limit_exceeded | boolean | DomainTools API results are limited to 5000 entries in a result set. If a query has more than 5000 results, the 'Limit exceeded' returns true. Try refining your query with more specific search terms. |
Message | response.message | string | Message |
Results Count | response.results_count | integer | Results Count |
results | response.results | array of object | Results Object |
Domain | response.results.domain | string | Domain |
Whois URL | response.results.whois_url | string | Whois URL |
Adsense Value | response.results.adsense.value | string | Adsense Value |
popularity_rank | response.results.popularity_rank | | Popularity Rank |
Active | response.results.active | boolean | Active |
google_analytics | response.results.google_analytics | object | Google Analytics |
Administrative Contact Name | response.results.admin_contact.name.value | string | Name of the administrative contact |
Administrative Contact Organization | response.results.admin_contact.org.value | string | Organization of the administrative contact |
Administrative Contact Street | response.results.admin_contact.street.value | string | Street address of the administrative contact |
Administrative Contact City | response.results.admin_contact.city.value | string | City of the administrative contact |
Administrative Contact State | response.results.admin_contact.state.value | string | State or province of the administrative contact |
Administrative Contact Postal | response.results.admin_contact.postal.value | string | Postal code of the administrative contact |
Administrative Contact Country | response.results.admin_contact.country.value | string | Country of the administrative contact |
Administrative Contact Phone | response.results.admin_contact.phone.value | string | Phone number of the administrative contact |
Administrative Contact Fax | response.results.admin_contact.fax.value | string | Fax number of the administrative contact |
email | response.results.admin_contact.email | array of object | |
Administrative Contact Email | response.results.admin_contact.email.value | string | Email address of the administrative contact |
Billing Contact Name | response.results.billing_contact.name.value | string | Name of the billing contact |
Billing Contact Organization | response.results.billing_contact.org.value | string | Organization of the billing contact |
Billing Contact Street | response.results.billing_contact.street.value | string | Street address of the billing contact |
Billing Contact City | response.results.billing_contact.city.value | string | City of the billing contact |
Billing Contact State | response.results.billing_contact.state.value | string | State or province of the billing contact |
Billing Contact Postal | response.results.billing_contact.postal.value | string | Postal code of the billing contact |
Billing Contact Country | response.results.billing_contact.country.value | string | Country of the billing contact |
Billing Contact Phone | response.results.billing_contact.phone.value | string | Phone number of the billing contact |
Billing Contact Fax | response.results.billing_contact.fax.value | string | Fax number of the billing contact |
email | response.results.billing_contact.email | array of object | Billing Contact Email |
Billing Contact Email | response.results.billing_contact.email.value | string | Email of the billing contact |
Registrant Contact Name | response.results.registrant_contact.name.value | string | Name of the registration contact |
Registrant Contact Organization | response.results.registrant_contact.org.value | string | Organization of the registration contact |
Registrant Contact Street | response.results.registrant_contact.street.value | string | Street address of the registration contact |
Registrant Contact City | response.results.registrant_contact.city.value | string | City of the registration contact |
Registrant Contact State | response.results.registrant_contact.state.value | string | State or province of the registration contact |
Registrant Contact Postal | response.results.registrant_contact.postal.value | string | Postal code of the registration contact |
Registrant Contact Country | response.results.registrant_contact.country.value | string | Country of the registration contact |
Registrant Contact Phone | response.results.registrant_contact.phone.value | string | Phone number of the registration contact |
Registrant Contact Fax | response.results.registrant_contact.fax.value | string | Fax number of the registration contact |
email | response.results.registrant_contact.email | array of object | Registrant Contact Email |
Registrant Contact Email | response.results.registrant_contact.email.value | string | Email of the registration contact |
Technical Contact Name | response.results.technical_contact.name.value | string | Name of the technical contact |
Technical Contact Organization | response.results.technical_contact.org.value | string | Organization of the technical contact |
Technical Contact Street | response.results.technical_contact.street.value | string | Street address of the technical contact |
Technical Contact City | response.results.technical_contact.city.value | string | City of the technical contact |
Technical Contact State | response.results.technical_contact.state.value | string | State or province of the technical contact |
Technical Contact Postal | response.results.technical_contact.postal.value | string | Postal code of the technical contact |
Technical Contact Country | response.results.technical_contact.country.value | string | Country of the technical contact |
Technical Contact Phone | response.results.technical_contact.phone.value | string | Phone number of the technical contact |
Technical Contact Fax | response.results.technical_contact.fax.value | string | Fax number of the technical contact |
email | response.results.technical_contact.email | array of object | Technical Contact Email |
Technical Contact Email | response.results.technical_contact.email.value | string | Email of the technical contact |
Create Date | response.results.create_date.value | string | Creation date for the domain |
Expiration Date | response.results.expiration_date.value | string | Expiration date for the domain |
email_domain | response.results.email_domain | array of object | |
Email Domain | response.results.email_domain.value | string | Email Domain |
soa_email | response.results.soa_email | array of object | SOA Email |
SOA Email | response.results.soa_email.value | string | SOA Email |
ssl_email | response.results.ssl_email | array of object | SSL Email |
SSL Email | response.results.ssl_email.value | string | SSL Email |
additional_whois_email | response.results.additional_whois_email | array of object | Additional Whois Email |
Additional Whois Email | response.results.additional_whois_email.value | string | Additional Whois Email |
ip | response.results.ip | array of object | IP Address Object |
IP Address | response.results.ip.address.value | string | IP Address |
asn | response.results.ip.asn | array of object | IP Address ASN |
IP Address ASN | response.results.ip.asn.value | integer | IP Address ASN |
IP Address Country Code | response.results.ip.country_code.value | string | IP Address Country Code |
IP Address ISP | response.results.ip.isp.value | string | IP Address ISP |
mx | response.results.mx | array of object | MX Object |
MX host | response.results.mx.host.value | string | MX host |
MX Domain | response.results.mx.domain.value | string | MX Domain |
ip | response.results.mx.ip | array of object | MX IP |
MX IP | response.results.mx.ip.value | string | MX IP |
MX Priority | response.results.mx.priority | integer | MX Priority |
name_server | response.results.name_server | array of object | Nameserver Object |
Nameserver Host | response.results.name_server.host.value | string | Nameserver Host |
Nameserver Domain | response.results.name_server.domain.value | string | Nameserver Domain |
ip | response.results.name_server.ip | array of object | Nameserver IP |
Nameserver IP | response.results.name_server.ip.value | string | Nameserver IP |
Risk Score | response.results.domain_risk.risk_score | integer | Risk Score |
components | response.results.domain_risk.components | array of object | Domain Risk Components |
Domain Risk Component Name | response.results.domain_risk.components.name | string | Domain Risk Component Name |
Domain Risk Component Risk Score | response.results.domain_risk.components.risk_score | integer | Domain Risk Component Risk Score |
threats | response.results.domain_risk.components.threats | array of string | Domain Risk Threats |
evidence | response.results.domain_risk.components.evidence | array of string | Domain Risk Evidence |
Redirect | response.results.redirect.value | string | Redirect |
Redirect Domain | response.results.redirect_domain.value | string | Redirect Domain |
Registrant Name | response.results.registrant_name.value | string | Registrant Name |
Registrant Organization | response.results.registrant_org.value | string | Registrant Organization |
registrar | response.results.registrar | | Registrar Name |
registrar_status | response.results.registrar_status | array of string | Registrar Status |
SPF Info | response.results.spf_info | string | SPF Info |
ssl_info | response.results.ssl_info | array of object | SSL Info Object |
SSL Info Hash Value | response.results.ssl_info.hash.value | string | SSL Info Hash Value |
SSL Info Hash Subject | response.results.ssl_info.hash.subject.value | string | SSL Info Hash Subject |
SSL Info Hash Organization | response.results.ssl_info.hash.organization.value | string | SSL Info Hash Organization |
email | response.results.ssl_info.hash.email | array of string | SSL Info Hash Email |
TLD | response.results.tld | string | TLD |
website_response | response.results.website_response | | Website Response |
Data Updated Timestamp | response.results.data_updated_timestamp | string | Data Updated Timestamp |
tags | response.results.tags | array of | Tags |
missing_domains | response.missing_domains | array of | Missing Domains |
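The following is an added example, not code from DomainTools or Microsoft: it splits an indicator list into `domain` parameter values of at most 100 domains, as the Enrich Domain action requires, and triages an Enrich_Response body using the paths in the table above. The threshold of 70, the function names and the sample body (including its component names) are assumptions constructed for illustration.

```python
import json

MAX_DOMAINS_PER_CALL = 100  # limit stated in the Enrich Domain action description
RISK_THRESHOLD = 70         # assumption: local triage cut-off, not a DomainTools value

def batch_domains(domains, size=MAX_DOMAINS_PER_CALL):
    """Normalise, de-duplicate and split domains into 'domain' parameter values."""
    cleaned = []
    for d in domains:
        d = d.strip().lower().rstrip(".")
        if d and d not in cleaned:
            cleaned.append(d)
    return [",".join(cleaned[i:i + size]) for i in range(0, len(cleaned), size)]

def triage(body, threshold=RISK_THRESHOLD):
    """Sort one Enrich_Response body into high, low, unscored and missing domains."""
    resp = body.get("response") or {}
    out = {"high": [], "low": [], "unscored": [],
           # Domains the API returned no record for: unknown, not benign.
           "missing": list(resp.get("missing_domains") or []),
           # True means the result set was cut at the documented 5000-entry limit.
           "truncated": bool(resp.get("limit_exceeded"))}
    for result in resp.get("results") or []:
        risk = result.get("domain_risk") or {}
        score = risk.get("risk_score")
        if score is None:
            out["unscored"].append(result.get("domain"))
            continue
        components = sorted(risk.get("components") or [],
                            key=lambda c: c.get("risk_score") or 0, reverse=True)
        entry = {"domain": result.get("domain"), "score": score,
                 "top_component": components[0].get("name") if components else None}
        out["high" if score >= threshold else "low"].append(entry)
    return out

# Constructed sample body shaped after the Enrich_Response paths; all values are made up.
SAMPLE = json.loads("""
{"response": {"limit_exceeded": false, "results_count": 2,
  "results": [
    {"domain": "login-portal.example",
     "domain_risk": {"risk_score": 92, "components": [
        {"name": "proximity", "risk_score": 40},
        {"name": "threat_profile", "risk_score": 92}]}},
    {"domain": "intranet.example", "domain_risk": {"risk_score": 3, "components": []}}],
  "missing_domains": ["unregistered.example"]}}
""")

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE), indent=2))
```

Each string returned by `batch_domains` is one call against the connector, so a large list should also be paced to stay within the 100 calls per 60 seconds throttling limit listed above.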