The DomainTools MISP module helps Threat Intelligence teams and Security Analysts uncover actor infrastructure and profile threats by leveraging DomainTools APIs. Utilizing both the hover and expansion capabilities of MISP, analysts receive additional context on indicators. This allows them to map connected infrastructure and surface historical domain information to better assess risk.
Optimized for MISP hover actions, the Analyze capability provides Whois data, a Domain Risk Score and counts of connected domains to help give quick context on an indicator to inform an interesting pivot and map connected infrastructure.
The Historic capability will act on Domains or URLs to find historical context by expanding domain names to lists of registrars, IPs and emails historically connected with that indicator.
Optimized for enrichment actions, the Pivot capability provides additional context on indicators by automatically building out a list of connected infrastructure from the counts presented in the Analyze capability.
MISP is a free and open source threat intelligence platform for gathering, sharing, storing and correlating Indicators of Compromise of targeted attacks, threat intelligence, financial fraud information, vulnerability information or even counter-terrorism information.