Iris Investigation Platform
Map connected infrastructure to get ahead of threats
Detect. Investigate. Prevent.
Iris is a proprietary threat intelligence and investigation platform that combines enterprise-grade domain intelligence and risk scoring with industry-leading passive DNS data from Farsight Security and other top-tier providers. An intuitive web interface and API atop these data sources help security teams quickly and efficiently investigate potential cybercrime and cyberespionage.
Key Benefits
 |
Designed by investigators, for investigators |
 |
Changes the Economics of Adversary Analysis |
 |
Better Data Gives You Better Answers |
Features
DNS History
SSL Profiles
Domain Risk Score
Identify dangerous infrastructure with Domain Risk Score- Quickly assess whether to allow, conditionally allow, or deny various types of connections.
- Know whether a domain is going to cause harm the moment it's registered.
- Gain visibility into what type of risk the domain represents.
DNS History
Look back in time for more information about domains, registrants, and infrastructure- Mine 10+ years of Whois records to find connections that may not be apparent in current records.
- See historical as well as current infrastructure associated with a domain, with access to extensive passive DNS records.
- Track the evolution of threat actor campaigns via the domains and IP addresses they have used.
SSL Profiles
SSL and TLS certificates are one of the most useful datasets for profiling and connecting domains- Analyze the contents of the certificate to assess trustworthiness or risk level of the domain hosting the certificate.
- Find other domains that share the same certificate.
- Pivot to other domains shown in the Subject Alternative Name section.
Iris API Integration
Investigate API
The Iris Investigate API is ideally suited for investigate and orchestrate uses cases at human scale. These are typically triggered on-demand by an analyst seeking additional context on a single indicator, with the best results available for investigations that begin with one or more domain names.
Enrich API
The Iris Enrich API is designed to support use cases that require high query volumes with generous rate limiting and fast response times. This may include enrichment of every domain name observed on a company’s network, typically sourced from web proxy or DNS logs and surfaced in a SIEM or custom-built analytics platform.
Support & Learning
A selection of documents and materials related to DomainTools industry topics.
Related Products
Our security products can help you find out if a domain name is risky, who's behind it, and what other cyber-assets are associated with it.
Monitoring Products
Track many different kinds of information and receive alerts as soon as changes are detected.