DomainTools, the leader in the domain name and DNS-based cyber threat intelligence, today announced DomainTools App for Elastic, the company behind Elasticsearch and the Elastic Stack. The app is an integration providing maximum value for DomainTools customers who are using the Elastic Stack within their Security Operations.
The DomainTools App for Elastic will integrate with the Elastic Stack, and customers utilizing Elastic solutions can leverage all functionalities readily out of the box. Maximizing value for DomainTools customers, the app enables core enrichment functionality. This provides a smooth user experience for analyzing our diverse dataset, creating a stable and scalable app architecture, and allowing ad hoc investigations of domains from within Elastic.
This new app gives customers a variety of features:
- Leverage the Threat Intelligence Dashboard for risk metrics to highlight malicious activity
- Lookup domains from within Kibana, or utilize a customized UI to template our varied dataset from Iris
- Proactively monitor potentially malicious domains prior to misuse Configure LogSources and Indexes
- View configurations of Enrichment Settings in App UI
- Manage a list of allowing listed domains (up to 1k)
- …and more
“Elastic’s community and partner momentum enable our users to benefit from the innovative work our technology partners are developing,” said Craig Griffin, VP of Cloud and Technology Partners at Elastic. “DomainTools’ integration with Elastic Security will enable SOC teams to accelerate their security investigations and response with impactful intelligence datasets and visualizations, all within the Elastic UI.”
The DomainTools App for Elastic leverages ECS schema out-of-the-box. For all domains that are in our cache, the enrichment takes place while events are being indexed—providing actionable threat intel in real-time. The DomainTools App for Elastic is available directly from DomainTools to customers immediately.