Merge pull request #38 from DomainTools/1.5.2
DomainTools Iris Investigate: Other - Fix failing CI checks for 1.5.2 release
dnunes-domaintools authored Dec 27, 2024
2 parents 5a5e8c7 + fed4d2f commit abfc7ab
Showing 3 changed files with 53 additions and 20 deletions.
22 changes: 13 additions & 9 deletions README.md
Expand Up @@ -6,7 +6,7 @@ Connector Version: 1.5.2
Product Vendor: DomainTools
Product Name: DomainTools Iris Investigate
Product Version Supported (regex): ".\*"
Minimum Product Version: 6.1.1
Minimum Product Version: 6.3.0

This app supports investigative actions to profile domain names, get risk scores, and find connected domains that share the same Whois details, web hosting profiles, SSL certificates, and more on DomainTools Iris Investigate

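Review bot: the minimum product version moves from 6.1.1 to 6.3.0 on the `Minimum Product Version` line, which ends support for platform releases below 6.3.0, yet the release notes changed in this commit list only the `nod_feed` and `nad_feed` additions. Add a release-notes entry stating the new minimum so operators on older platforms see the requirement before upgrading the connector.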
Expand Down Expand Up @@ -105,8 +105,8 @@ VARIABLE | REQUIRED | TYPE | DESCRIPTION
[enrich domain](#action-enrich-domain) - Get all Iris Investigate data for a domain except counts using the high volume Iris Enrich API endpoint (if provisioned)
[configure scheduled playbooks](#action-configure-scheduled-playbooks) - Run on initial setup to configure the optional monitoring playbooks. This action creates a custom list to manage the playbook scheduling and run status
[on poll](#action-on-poll) - Execute scheduled playbooks based on the set interval(mins) in 'domaintools_scheduled_playbooks' custom list. Smaller intervals will result in more accurate schedules
[nod feed](#action-nod-feed) - Apex-level domains (e.g. example.com but not www.example.com) observed for the first time by the DomainTools sensor network, and which are not present in our DNSDB historical database.
[nad feed](#action-nad-feed) - Apex-level domains (e.g. example.com but not www.example.com) DomainTools has newly observed in our DNS sensor network. This includes domains observed in DNS for the first time as well as domains observed in DNS again after not being observed for at least 10 days.
[nod feed](#action-nod-feed) - Apex-level domains (e.g. example.com but not www.example.com) observed for the first time by the DomainTools sensor network, and which are not present in our DNSDB historical database
[nad feed](#action-nad-feed) - Apex-level domains (e.g. example.com but not www.example.com) DomainTools has newly observed in our DNS sensor network. This includes domains observed in DNS for the first time as well as domains observed in DNS again after not being observed for at least 10 days

## action: 'test connectivity'
Validate the asset configuration for connectivity
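Review bot: with the trailing period removed, the `nad feed` entry is now two sentences where the first ends in a period and the second does not ("...in our DNS sensor network. This includes ... at least 10 days"). Either fold the second sentence into the first (for example "..., including domains observed in DNS for the first time ...") or keep the final period, so the entry reads consistently with the single-sentence `nod feed` entry above it.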
Expand Down Expand Up @@ -640,7 +640,7 @@ No parameters are required for this action
No Output

## action: 'nod feed'
Apex-level domains (e.g. example.com but not www.example.com) observed for the first time by the DomainTools sensor network, and which are not present in our DNSDB historical database.
Apex-level domains (e.g. example.com but not www.example.com) observed for the first time by the DomainTools sensor network, and which are not present in our DNSDB historical database

Type: **investigate**
Read only: **True**
Expand All @@ -662,13 +662,15 @@ action_result.data.\*.timestamp | string | |
action_result.status | string | | success failed
action_result.summary | string | |
action_result.message | string | |
action_result.parameter.domain | string | |
action_result.parameter.after | string | |
action_result.parameter.domain | string | |
action_result.parameter.session_id | string | |
action_result.parameter.top | string | |
action_result.parameter.top | string | |
summary.total_objects | numeric | | 1
summary.total_objects_successful | numeric | | 1

## action: 'nad feed'
Apex-level domains (e.g. example.com but not www.example.com) DomainTools has newly observed in our DNS sensor network. This includes domains observed in DNS for the first time as well as domains observed in DNS again after not being observed for at least 10 days.
Apex-level domains (e.g. example.com but not www.example.com) DomainTools has newly observed in our DNS sensor network. This includes domains observed in DNS for the first time as well as domains observed in DNS again after not being observed for at least 10 days

Type: **investigate**
Read only: **True**
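Review bot: the parameter rows in the `nod feed` output table (`after`, `domain`, `session_id`, `top`) are all typed `string` with empty example-value columns, so the README gives no hint of the expected format for `after` or `top`. Add example values for those rows, as is done for the two new `summary.*` rows, which carry the example `1`.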
Expand All @@ -690,7 +692,9 @@ action_result.data.\*.timestamp | string | |
action_result.status | string | | success failed
action_result.summary | string | |
action_result.message | string | |
action_result.parameter.domain | string | |
action_result.parameter.after | string | |
action_result.parameter.domain | string | |
action_result.parameter.session_id | string | |
action_result.parameter.top | string | |
action_result.parameter.top | string | |
summary.total_objects | numeric | | 1
summary.total_objects_successful | numeric | | 1
50 changes: 39 additions & 11 deletions domaintools_iris.json
Expand Up @@ -12,7 +12,7 @@
"product_vendor": "DomainTools",
"product_name": "DomainTools Iris Investigate",
"product_version_regex": ".*",
"min_phantom_version": "6.1.1",
"min_phantom_version": "6.3.0",
"python_version": "3",
"logo": "logo_domaintools_iris.svg",
"logo_dark": "logo_domaintools_iris_dark.svg",
Expand Down Expand Up @@ -2105,7 +2105,7 @@
},
{
"action": "nod feed",
"description": "Apex-level domains (e.g. example.com but not www.example.com) observed for the first time by the DomainTools sensor network, and which are not present in our DNSDB historical database.",
"description": "Apex-level domains (e.g. example.com but not www.example.com) observed for the first time by the DomainTools sensor network, and which are not present in our DNSDB historical database",
"type": "investigate",
"identifier": "nod_feed",
"read_only": true,
Expand Down Expand Up @@ -2146,7 +2146,7 @@
"data_path": "action_result.data.*.domain",
"data_type": "string",
"column_name": "Domain Names",
"column_order": 1,
"column_order": 0,
"contains": [
"domain"
]
Expand All @@ -2155,7 +2155,7 @@
"data_path": "action_result.data.*.timestamp",
"data_type": "string",
"column_name": "Time Stamp",
"column_order": 2
"column_order": 1
},
{
"data_path": "action_result.status",
Expand All @@ -2174,11 +2174,11 @@
"data_type": "string"
},
{
"data_path": "action_result.parameter.domain",
"data_path": "action_result.parameter.after",
"data_type": "string"
},
{
"data_path": "action_result.parameter.after",
"data_path": "action_result.parameter.domain",
"data_type": "string"
},
{
Expand All @@ -2188,13 +2188,27 @@
{
"data_path": "action_result.parameter.top",
"data_type": "string"
},
{
"data_path": "summary.total_objects",
"data_type": "numeric",
"example_values": [
1
]
},
{
"data_path": "summary.total_objects_successful",
"data_type": "numeric",
"example_values": [
1
]
}
],
"versions": "EQ(*)"
},
{
"action": "nad feed",
"description": "Apex-level domains (e.g. example.com but not www.example.com) DomainTools has newly observed in our DNS sensor network. This includes domains observed in DNS for the first time as well as domains observed in DNS again after not being observed for at least 10 days.",
"description": "Apex-level domains (e.g. example.com but not www.example.com) DomainTools has newly observed in our DNS sensor network. This includes domains observed in DNS for the first time as well as domains observed in DNS again after not being observed for at least 10 days",
"type": "investigate",
"identifier": "nad_feed",
"read_only": true,
Expand Down Expand Up @@ -2235,7 +2249,7 @@
"data_path": "action_result.data.*.domain",
"data_type": "string",
"column_name": "Domain Names",
"column_order": 1,
"column_order": 0,
"contains": [
"domain"
]
Expand All @@ -2244,7 +2258,7 @@
"data_path": "action_result.data.*.timestamp",
"data_type": "string",
"column_name": "Time Stamp",
"column_order": 2
"column_order": 1
},
{
"data_path": "action_result.status",
Expand All @@ -2263,11 +2277,11 @@
"data_type": "string"
},
{
"data_path": "action_result.parameter.domain",
"data_path": "action_result.parameter.after",
"data_type": "string"
},
{
"data_path": "action_result.parameter.after",
"data_path": "action_result.parameter.domain",
"data_type": "string"
},
{
Expand All @@ -2277,6 +2291,20 @@
{
"data_path": "action_result.parameter.top",
"data_type": "string"
},
{
"data_path": "summary.total_objects",
"data_type": "numeric",
"example_values": [
1
]
},
{
"data_path": "summary.total_objects_successful",
"data_type": "numeric",
"example_values": [
1
]
}
],
"versions": "EQ(*)"
1 change: 1 addition & 0 deletions release_notes/unreleased.md
@@ -1,2 +1,3 @@
**Unreleased**
* Added `nod_feed` action to support for NOD Feeds.
* Added `nad_feed` action to support for NAD Feeds.
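Review bot: both bullets read "action to support for NOD Feeds" and "action to support for NAD Feeds", which is ungrammatical. Drop the stray "for", e.g. "Added `nod_feed` action to support NOD Feeds.", and apply the same wording to the `nad_feed` line.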
