diff --git a/README.md b/README.md index 40fc316..e24ece5 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ Connector Version: 1.5.2 Product Vendor: DomainTools Product Name: DomainTools Iris Investigate Product Version Supported (regex): ".\*" -Minimum Product Version: 6.1.1 +Minimum Product Version: 6.3.0 This app supports investigative actions to profile domain names, get risk scores, and find connected domains that share the same Whois details, web hosting profiles, SSL certificates, and more on DomainTools Iris Investigate 
@@ -105,8 +105,8 @@ VARIABLE | REQUIRED | TYPE | DESCRIPTION [enrich domain](#action-enrich-domain) - Get all Iris Investigate data for a domain except counts using the high volume Iris Enrich API endpoint (if provisioned) [configure scheduled playbooks](#action-configure-scheduled-playbooks) - Run on initial setup to configure the optional monitoring playbooks. This action creates a custom list to manage the playbook scheduling and run status [on poll](#action-on-poll) - Execute scheduled playbooks based on the set interval(mins) in 'domaintools_scheduled_playbooks' custom list. Smaller intervals will result in more accurate schedules -[nod feed](#action-nod-feed) - Apex-level domains (e.g. example.com but not www.example.com) observed for the first time by the DomainTools sensor network, and which are not present in our DNSDB historical database. -[nad feed](#action-nad-feed) - Apex-level domains (e.g. example.com but not www.example.com) DomainTools has newly observed in our DNS sensor network. This includes domains observed in DNS for the first time as well as domains observed in DNS again after not being observed for at least 10 days. +[nod feed](#action-nod-feed) - Apex-level domains (e.g. example.com but not www.example.com) observed for the first time by the DomainTools sensor network, and which are not present in our DNSDB historical database +[nad feed](#action-nad-feed) - Apex-level domains (e.g. example.com but not www.example.com) DomainTools has newly observed in our DNS sensor network. This includes domains observed in DNS for the first time as well as domains observed in DNS again after not being observed for at least 10 days ## action: 'test connectivity' Validate the asset configuration for connectivity 
@@ -640,7 +640,7 @@ No parameters are required for this action No Output ## action: 'nod feed' -Apex-level domains (e.g. example.com but not www.example.com) observed for the first time by the DomainTools sensor network, and which are not present in our DNSDB historical database. +Apex-level domains (e.g. example.com but not www.example.com) observed for the first time by the DomainTools sensor network, and which are not present in our DNSDB historical database Type: **investigate** Read only: **True** @@ -662,13 +662,15 @@ action_result.data.\*.timestamp | string | | action_result.status | string | | success failed action_result.summary | string | | action_result.message | string | | -action_result.parameter.domain | string | | action_result.parameter.after | string | | +action_result.parameter.domain | string | | action_result.parameter.session_id | string | | -action_result.parameter.top | string | | +action_result.parameter.top | string | | +summary.total_objects | numeric | | 1 +summary.total_objects_successful | numeric | | 1 ## action: 'nad feed' -Apex-level domains (e.g. example.com but not www.example.com) DomainTools has newly observed in our DNS sensor network. This includes domains observed in DNS for the first time as well as domains observed in DNS again after not being observed for at least 10 days. +Apex-level domains (e.g. example.com but not www.example.com) DomainTools has newly observed in our DNS sensor network. This includes domains observed in DNS for the first time as well as domains observed in DNS again after not being observed for at least 10 days Type: **investigate** Read only: **True** 
@@ -690,7 +692,9 @@ action_result.data.\*.timestamp | string | |
 action_result.status | string | | success failed
 action_result.summary | string | |
 action_result.message | string | |
-action_result.parameter.domain | string | |
 action_result.parameter.after | string | |
+action_result.parameter.domain | string | |
 action_result.parameter.session_id | string | |
-action_result.parameter.top | string | |
\ No newline at end of file
+action_result.parameter.top | string | |
+summary.total_objects | numeric | | 1
+summary.total_objects_successful | numeric | | 1
\ No newline at end of file
diff --git a/domaintools_iris.json b/domaintools_iris.json
index 322ca8a..cec91b2 100644
--- a/domaintools_iris.json
+++ b/domaintools_iris.json
@@ -12,7 +12,7 @@
 "product_vendor": "DomainTools",
 "product_name": "DomainTools Iris Investigate",
 "product_version_regex": ".*",
- "min_phantom_version": "6.1.1",
+ "min_phantom_version": "6.3.0",
 "python_version": "3",
 "logo": "logo_domaintools_iris.svg",
 "logo_dark": "logo_domaintools_iris_dark.svg",
@@ -2105,7 +2105,7 @@
 },
 {
 "action": "nod feed",
- "description": "Apex-level domains (e.g. example.com but not www.example.com) observed for the first time by the DomainTools sensor network, and which are not present in our DNSDB historical database.",
+ "description": "Apex-level domains (e.g. example.com but not www.example.com) observed for the first time by the DomainTools sensor network, and which are not present in our DNSDB historical database",
 "type": "investigate",
 "identifier": "nod_feed",
 "read_only": true,
@@ -2146,7 +2146,7 @@
 "data_path": "action_result.data.*.domain",
 "data_type": "string",
 "column_name": "Domain Names",
- "column_order": 1,
+ "column_order": 0,
 "contains": [
 "domain"
 ]
@@ -2155,7 +2155,7 @@
 "data_path": "action_result.data.*.timestamp",
 "data_type": "string",
 "column_name": "Time Stamp",
- "column_order": 2
+ "column_order": 1
 },
 {
 "data_path": "action_result.status",
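Review bot: The `min_phantom_version` change from 6.1.1 to 6.3.0 in the `@@ -12,7 +12,7 @@` hunk of domaintools_iris.json raises the platform floor for the whole connector, yet release_notes/unreleased.md in this commit still lists only the `nod_feed` and `nad_feed` additions. An operator on an older platform release would presumably find the app refusing to install or upgrade, with nothing in the notes explaining why. I would add a line such as `* Raised the minimum supported platform version to 6.3.0` to the release notes and say there whether the new feed actions are what require it.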
@@ -2174,11 +2174,11 @@
 "data_type": "string"
 },
 {
- "data_path": "action_result.parameter.domain",
+ "data_path": "action_result.parameter.after",
 "data_type": "string"
 },
 {
- "data_path": "action_result.parameter.after",
+ "data_path": "action_result.parameter.domain",
 "data_type": "string"
 },
 {
@@ -2188,13 +2188,27 @@
 {
 "data_path": "action_result.parameter.top",
 "data_type": "string"
+ },
+ {
+ "data_path": "summary.total_objects",
+ "data_type": "numeric",
+ "example_values": [
+ 1
+ ]
+ },
+ {
+ "data_path": "summary.total_objects_successful",
+ "data_type": "numeric",
+ "example_values": [
+ 1
+ ]
 }
 ],
 "versions": "EQ(*)"
 },
 {
 "action": "nad feed",
- "description": "Apex-level domains (e.g. example.com but not www.example.com) DomainTools has newly observed in our DNS sensor network. This includes domains observed in DNS for the first time as well as domains observed in DNS again after not being observed for at least 10 days.",
+ "description": "Apex-level domains (e.g. example.com but not www.example.com) DomainTools has newly observed in our DNS sensor network. This includes domains observed in DNS for the first time as well as domains observed in DNS again after not being observed for at least 10 days",
 "type": "investigate",
 "identifier": "nad_feed",
 "read_only": true,
@@ -2235,7 +2249,7 @@
 "data_path": "action_result.data.*.domain",
 "data_type": "string",
 "column_name": "Domain Names",
- "column_order": 1,
+ "column_order": 0,
 "contains": [
 "domain"
 ]
@@ -2244,7 +2258,7 @@
 "data_path": "action_result.data.*.timestamp",
 "data_type": "string",
 "column_name": "Time Stamp",
- "column_order": 2
+ "column_order": 1
 },
 {
 "data_path": "action_result.status",
@@ -2263,11 +2277,11 @@
 "data_type": "string"
 },
 {
- "data_path": "action_result.parameter.domain",
+ "data_path": "action_result.parameter.after",
 "data_type": "string"
 },
 {
- "data_path": "action_result.parameter.after",
+ "data_path": "action_result.parameter.domain",
 "data_type": "string"
 },
 {
@@ -2277,6 +2291,20 @@
 {
 "data_path": "action_result.parameter.top",
 "data_type": "string"
+ },
+ {
+ "data_path": "summary.total_objects",
+ "data_type": "numeric",
+ "example_values": [
+ 1
+ ]
+ },
+ {
+ "data_path": "summary.total_objects_successful",
+ "data_type": "numeric",
+ "example_values": [
+ 1
+ ]
 }
 ],
 "versions": "EQ(*)"
diff --git a/release_notes/unreleased.md b/release_notes/unreleased.md
index c97af0a..c5605a0 100644
--- a/release_notes/unreleased.md
+++ b/release_notes/unreleased.md
@@ -1,2 +1,3 @@
+**Unreleased**
 * Added `nod_feed` action to support for NOD Feeds.
 * Added `nad_feed` action to support for NAD Feeds.