DomainTools Iris Enrich

Enrich On-Network Indicators at Scale: The DomainTools Iris Enrich supports high query volumes of domain name attributes including Whois, DNS, SSL certificate, and risk scoring elements to help build out the needed context for appropriate disposition of indicators. It provides actionable insights-at-scale with enterprise-scale ingestion of DomainTools data on Microsoft Sentinel.

This connector is available in the following products and regions:

Service Class Regions
Logic Apps Standard All Logic Apps regions except the following:
     -   Azure Government regions
     -   Azure China regions
     -   US Department of Defense (DoD)
Power Automate Premium All Power Automate regions except the following:
     -   US Government (GCC)
     -   US Government (GCC High)
     -   China Cloud operated by 21Vianet
     -   US Department of Defense (DoD)
Power Apps Premium All Power Apps regions except the following:
     -   US Government (GCC)
     -   US Government (GCC High)
     -   China Cloud operated by 21Vianet
     -   US Department of Defense (DoD)
Contact
Name DomainTools Integrations
URL https://www.domaintools.com/integrations
Email enterprisesupport@domaintools.com
Connector Metadata
Publisher DomainTools, LLC
Website http://www.domaintools.com/
Privacy policy https://www.domaintools.com/company/privacy-policy/
Categories Security;Website

Pre-requisites

You will need the following to proceed:

  • A Microsoft Power Apps or Power Automate plan with custom connector feature
  • An Azure subscription
  • DomainTools API Username
  • DomainTools API Key

Support and documentation:

For all the support requests and general queries you can contact enterprisesupport@domaintools.com or contact us

Creating a connection

The connector supports the following authentication types:

Default Parameters for creating connection. All regions Not shareable

Default

Applicable: All regions

Parameters for creating connection.

This is not shareable connection. If the power app is shared with another user, another user will be prompted to create new connection explicitly.

Name Type Description Required
API username securestring The API username for this api True
API key securestring The API key for this api True

Throttling Limits

Name Calls Renewal Period
API calls per connection 100 60 seconds

Actions

Enrich Domain

Retrieves the infrastructure and whois data associated with a domain or comma-separated list of up to 100 domains.

Retrieve Account Information

Information of the active API endpoints, rate limits and usage for an account.

Enrich Domain

Retrieves the infrastructure and whois data associated with a domain or comma-separated list of up to 100 domains.

Parameters

Name Key Required Type Description
Domain Name
domain True string

Domain (e.g. name.tld) to be investigated or comma-separated list of domains.

Returns

Retrieve Account Information

Information of the active API endpoints, rate limits and usage for an account.

Returns

Acoount Information Response

Definitions

Account_Response

Acoount Information Response

Name Path Type Description
API username
account.api_username string

API username

Active
account.active boolean

Active

products
products array of object

Products Information

ID
products.id string

ID

Per Month Limit
products.per_month_limit string

Per Month Limit

Per Minute Limit
products.per_minute_limit string

Per Minute Limit

Absolute Limit
products.absolute_limit string

Absolute Limit

Today Usage
products.usage.today string

Today Usage

Month Usage
products.usage.month string

Month Usage

Expiration Date
products.expiration_date string

Expiration Date

Enrich_Response

Name Path Type Description
Limit Exceeded
response.limit_exceeded boolean

DomainTools API results are limited to 5000 entries in a result set. If a query has more than 5000 results, the 'Limit exceeded' returns true. Try refining your query with more specific search terms.

Message
response.message string

message

Results Count
response.results_count integer

Results Count

results
response.results array of object

Results Object

Domain
response.results.domain string

Domain

Whois URL
response.results.whois_url string

Whois URL

Adsense Value
response.results.adsense.value string

Adsense Value

popularity_rank
response.results.popularity_rank

Popularity Rank

Active
response.results.active boolean

Active

google_analytics
response.results.google_analytics object

Google Analytics

Administrative Contact Name
response.results.admin_contact.name.value string

Name of the administrative contact

Administrative Contact Organization
response.results.admin_contact.org.value string

Organization of the administrative contact

Administrative Contact Street
response.results.admin_contact.street.value string

Street address of the administrative contact

Administrative Contact City
response.results.admin_contact.city.value string

City of the administrative contact

Administrative Contact State
response.results.admin_contact.state.value string

State or province of the administrative contact

Administrative Contact Postal
response.results.admin_contact.postal.value string

Postal code of the administrative contact

Administrative Contact Country
response.results.admin_contact.country.value string

Country of the administrative contact

Administrative Contact Phone
response.results.admin_contact.phone.value string

Phone number of the administrative contact

Administrative Contact Fax
response.results.admin_contact.fax.value string

Fax number of the administrative contact

email
response.results.admin_contact.email array of object
Administrative Contact Email
response.results.admin_contact.email.value string

Email address of the administrative contact

Billing Contact Name
response.results.billing_contact.name.value string

Name of the billing contact

Billing Contact Organization
response.results.billing_contact.org.value string

Organization of the billing contact

Billing Contact Street
response.results.billing_contact.street.value string

Street address of the billing contact

Billing Contact City
response.results.billing_contact.city.value string

City of the billing contact

Billing Contact State
response.results.billing_contact.state.value string

State of Province of the billing contact

Billing Contact Postal
response.results.billing_contact.postal.value string

Postal Code of the billing contact

Billing Contact Country
response.results.billing_contact.country.value string

Country of the billing contact

Billing Contact Phone
response.results.billing_contact.phone.value string

Phone number of the billing contact

Billing Contact Fax
response.results.billing_contact.fax.value string

Fax number of the billing contact

email
response.results.billing_contact.email array of object

Billing Contact Email

Billing Contact Email
response.results.billing_contact.email.value string

Email of the billing contact

Registrant Contact Name
response.results.registrant_contact.name.value string

Name of the registration contact

Registrant Contact Organization
response.results.registrant_contact.org.value string

Organization of the registration contact

Registrant Contact Street
response.results.registrant_contact.street.value string

Street Address of the registration contact

Registrant Contact City
response.results.registrant_contact.city.value string

City of the registration contact

Registrant Contact State
response.results.registrant_contact.state.value string

State or province of the registration contact

Registrant Contact Postal
response.results.registrant_contact.postal.value string

Postal code of the registration contact

Registrant Contact Country
response.results.registrant_contact.country.value string

Country of the registration contact

Registrant Contact Phone
response.results.registrant_contact.phone.value string

Phone number of the registration contact

Registrant Contact Fax
response.results.registrant_contact.fax.value string

Fax number of the registration contact

email
response.results.registrant_contact.email array of object

Registrant Contact Email

Registrant Contact Email
response.results.registrant_contact.email.value string

Email of the registration contact

Technical Contact Name
response.results.technical_contact.name.value string

Name of the technical contact

Technical Contact Organization
response.results.technical_contact.org.value string

Organization of the technical contact

Technical Contact Street
response.results.technical_contact.street.value string

Street address of the technical contact

Technical Contact City
response.results.technical_contact.city.value string

City of the technical contact

Technical Contact State
response.results.technical_contact.state.value string

State or province of the technical contact

Technical Contact Postal
response.results.technical_contact.postal.value string

Postal code of the technical contact

Technical Contact Country
response.results.technical_contact.country.value string

Country of the technical contact

Technical Contact Phone
response.results.technical_contact.phone.value string

Phone number of the technical contact

Technical Contact Fax
response.results.technical_contact.fax.value string

Fax number of the technical contact

email
response.results.technical_contact.email array of object

Technical Contact Email

Technical Contact Email
response.results.technical_contact.email.value string

Email of the technical contact

Create Date
response.results.create_date.value string

Creation date for the domain

Expiration Date
response.results.expiration_date.value string

Expiration date for the domain

email_domain
response.results.email_domain array of object
Email Domain
response.results.email_domain.value string

Email Domain

soa_email
response.results.soa_email array of object

SOA Email

SOA Email
response.results.soa_email.value string

SOA Email

ssl_email
response.results.ssl_email array of object

SSL Email

SSL Email
response.results.ssl_email.value string

SSL Email

additional_whois_email
response.results.additional_whois_email array of object

Additional Whois Email

Additional Whois Email
response.results.additional_whois_email.value string

Additional Whois Email

ip
response.results.ip array of object

IP Address Object

IP Address
response.results.ip.address.value string

IP Address

asn
response.results.ip.asn array of object

IP Address ASN

IP Address ASN
response.results.ip.asn.value integer

IP Address ASN

IP Address Country Code
response.results.ip.country_code.value string

IP Address Country Code

IP Address ISP
response.results.ip.isp.value string

IP Address ISP

mx
response.results.mx array of object

MX Object

MX host
response.results.mx.host.value string

MX host

MX Domain
response.results.mx.domain.value string

MX Domain

ip
response.results.mx.ip array of object

MX IP

MX IP
response.results.mx.ip.value string

MX IP

MX Priority
response.results.mx.priority integer

MX Priority

name_server
response.results.name_server array of object

Nameserver Object

Nameserver Host
response.results.name_server.host.value string

Nameserver Host

Nameserver Domain
response.results.name_server.domain.value string

Nameserver Domain

ip
response.results.name_server.ip array of object

Nameserver IP

Nameserver IP
response.results.name_server.ip.value string

Nameserver IP

Risk Score
response.results.domain_risk.risk_score integer

Risk Score

components
response.results.domain_risk.components array of object

Domain Risk Components

Domain Risk Component Name
response.results.domain_risk.components.name string

Domain Risk Component Name

Domain Risk Component Risk Score
response.results.domain_risk.components.risk_score integer

Domain Risk Component Risk Score

threats
response.results.domain_risk.components.threats array of string

Domain Risk Threats

evidence
response.results.domain_risk.components.evidence array of string

Domain Risk Evidence

Redirect
response.results.redirect.value string

Redirect

Redirect Domain
response.results.redirect_domain.value string

Redirect Domain

Registrant Name
response.results.registrant_name.value string

Registrant Name

Registrant Organization
response.results.registrant_org.value string

Registrant Organization

registrar
response.results.registrar

Registrar Name

registrar_status
response.results.registrar_status array of string

Registrar Status

SPF Info
response.results.spf_info string

SPF Info

ssl_info
response.results.ssl_info array of object

SSL Info Object

SSL Info Hash Value
response.results.ssl_info.hash.value string

SSL Info Hash Value

SSL Info Hash Subject
response.results.ssl_info.hash.subject.value string

SSL Info Hash Subject

SSL Info Hash Organization
response.results.ssl_info.hash.organization.value string

SSL Info Hash Organization

email
response.results.ssl_info.hash.email array of string

SSL Info Hash Email

TLD
response.results.tld string

TLD

website_response
response.results.website_response

Website Response

Data Updated Timestamp
response.results.data_updated_timestamp string

Data Updated Timestamp

tags
response.results.tags array of

Tags

missing_domains
response.missing_domains array of

Missing Domains