DomainTools
Integration version: 7.0
Configure DomainTools integration in Google Security Operations
For detailed instructions on how to configure an integration in Google SecOps, see Configure integrations .
Actions
Get Domain Profile
Description
Enrich an external domain entity with DomainTools that threatens data from Intelligence and returns a CSV output.
Parameters
N/A
Use cases
N/A
Run On
This action runs on the following entities:
- URL
- Hostname
- Domain
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
|
is_succeed
|
True/False | is_succeed:False |
JSON Result
[
{
"Entity"
:
"example-domain.com"
,
"EntityResult"
:
{
"registrant"
:
{
"name"
:
"Privacy Protect LLC"
,
"domains"
:
66370905
,
"product_url"
:
"https:\\/\\/reversewhois.domaintools.com\\/?all[]=Privacy+Protect+LLC&none[]="
},
"server"
:
{
"ip_address"
:
"192.0.2.1"
,
"other_domains"
:
1898
,
"product_url"
:
"https:\\/\\/reverseip.domaintools.com\\/search\\/?q=example-domain.com"
},
"registration"
:
{
"created"
:
"2024-01-15"
,
"expires"
:
"2025-01-15"
,
"updated"
:
"2024-10-22"
,
"registrar"
:
"Example Registrar Co."
,
"statuses"
:
[
"clientDeleteProhibited"
,
"clientRenewProhibited"
,
"clientTransferProhibited"
,
"clientUpdateProhibited"
]
}
}
}
]
Get Domain Risk
Description
Enrich the external domain entity with the domain risk score that was given by DomainTools data.
Parameters
| Parameter | Type | Default Value | Description |
|---|---|---|---|
|
Threshold
|
String | N/A | Mark entity as suspicious if the domain risk score passes the given threshold. e.g. 3. |
Use cases
N/A
Run On
This action runs on the following entities:
- URL
- Hostname
- Domain
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
|
is_risky
|
True/False | is_risky:False |
JSON Result
[
{
"Entity"
:
"risky-example-one.com"
,
"EntityResult"
:
{
"domain"
:
"risky-example-one.com"
,
"risk_score"
:
99
,
"components"
:
[
{
"name"
:
"proximity"
,
"risk_score"
:
70
},
{
"name"
:
"threat_profile"
,
"risk_score"
:
99
},
{
"name"
:
"threat_profile_phishing"
,
"risk_score"
:
99
},
{
"name"
:
"threat_profile_malware"
,
"risk_score"
:
95
},
{
"name"
:
"threat_profile_spam"
,
"risk_score"
:
0
}
]
}
},
{
"Entity"
:
"high-risk-test.net"
,
"EntityResult"
:
{
"domain"
:
"high-risk-test.net"
,
"risk_score"
:
99
,
"components"
:
[
{
"name"
:
"proximity"
,
"risk_score"
:
70
},
{
"name"
:
"thre at_profile"
,
"risk_score"
:
99
},
{
"name"
:
"threat_profile_phishing"
,
"risk_score"
:
99
},
{
"name"
:
"threat_profile_malware"
,
"risk_score"
:
95
},
{
"name"
:
"threat_profile_spam"
,
"risk_score"
:
0
}
]
}
}
]
Get Hosting History
Description
Receive, enrich, and add a CSV table to the Domain Hosting History Information.
Parameters
N/A
Use cases
N/A
Run On
This action runs on the following entities:
- URL
- Hostname
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
|
is_succeed
|
True/False | is_succeed:False |
JSON Result
N/A
Ping
Description
Test Connectivity.
Parameters
N/A
Use cases
N/A
Run On
This action runs on the following entities:
- URL
- Hostname
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
|
is_success
|
True/False | is_success:False |
JSON Result
N/A
Recent Domains
Description
Look for new domains with a specific word in them.
Parameters
| Parameter | Type | Default Value | Description |
|---|---|---|---|
|
String Query
|
String | N/A | Search for new domains containing a particular word. |
Use cases
N/A
Run On
This action runs on all entities.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
|
null
|
N/A | N/A |
JSON Result
N/A
Reverse Domain
Description
Find IPs pointing to a certain domain.
Parameters
N/A
Use cases
N/A
Run On
This action runs on the following entities:
- URL
- Hostname
- Domain
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
|
null
|
N/A | N/A |
JSON Result
[
{
"Entity"
:
"http://www.example-domain.com/"
,
"EntityResult"
:
{
"ip_addresses"
:
[
{
"ip_address"
:
"192.0.2.10"
,
"domain_count"
:
2
,
"domain_names"
:
[
"malware-host.net"
,
"test-site-two.org"
]
},
{
"ip_address"
:
"192.0.2.11"
,
"domain_count"
:
1
,
"domain_names"
:
[
"another-test-domain.com"
]
}
]
}
}
]
Reverse Email
Description
Find domains with an email address in their WhoIs record.
Parameters
N/A
Use cases
N/A
Run On
This action runs on the User entity.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
|
null
|
N/A | N/A |
JSON Result
N/A
Reverse IP
Description
Find domain names that share a particular IP address.
Parameters
N/A
Use cases
N/A
Run On
This action runs on the IP Address entity.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
|
null
|
N/A | N/A |
JSON Result
N/A
Need more help? Get answers from Community members and Google SecOps professionals.
