The DomainTools App for IBM QRadar populates reference data with DomainTools domain profile and Domain Risk Score for domain names observed in IBM QRadar events. Intelligence surfaced from DomainTools, including shared infrastructure and historical identities, stays in the same investigative context, which avoids rework and improves collaboration across team members.
The DomainTools App for IBM QRadar delivers event enrichment by building a reference table with key fields extracted from parsed Whois data. Teams can then use those fields to create precisely targeted rules that alert on threat actor identities and on the actor’s preferred domain hosting and registration providers. IBM QRadar’s historical correlation feature then enables retroactive searching on those same fields.
The DomainTools App for IBM QRadar adds domain risk scores to a reference map and immediately populates a reference set with domains whose risk score is above a user-configured threshold. The app ships with example rules that use this reference data to create offenses for events that contain risky domains.
Learn how DomainTools can bring a number of positive outcomes to your QRadar SIEM, plus see a preview of emerging DomainTools solutions for other IBM products.
IBM QRadar® is a Security Information and Event Management (SIEM) platform that helps security teams accurately detect and prioritize threats across the enterprise, and it provides intelligent insights that enable teams to respond quickly to reduce the impact of incidents.