The DomainTools Enrichment app is a contextually aware Spaces app that allows ThreatConnect® users to enrich compatible Indicators (Host, Address, and EmailAddress) with information from DomainTools services.
- On the top navigation bar (Figure 1), place the cursor over BROWSE and then over the INDICATORS option. Click on an object (ADDRESS in this example) to display a results table (Figure 2).
- Click on an entry, and the Details window for that entry will appear (Figure 3).
- Click the Details icon at the top right corner of the window, and the Overview tab of the Details screen will appear (Figure 4).
- Click the Spaces tab, and the Spaces screen will appear (Figure 5).
- Click the + Add App button, and the Add Address App window will appear (Figure 6).
- Select TCS - DomainTools v1.0 from the Select App dropdown menu, and then click the ADD button. The app will now appear in the Space (Figure 7).
- Click the pencil icon at the top right, and the Configure App window will appear (Figure 8).
- Change the app’s Title if desired, and enter or change the DomainTools API Username, DomainTools API Key, DomainTools API URL, Auto refresh interval, and Logging Level. Click on the $ buttons to view a dropdown list of variables that may be chosen for the corresponding item. When finished, click the SAVE button. The Space will now display DomainTools enrichment data for the given Indicator (Figure 9).
- Click on the Network, Contacts, and Routes tabs to view current DomainTools information in those categories. Click on the double-arrow icon to the left of those tabs to view a sidebar (Figure 10). The Services section contains data for DomainTools services applicable to the subscription level for the DomainTools API used. The App History section shows historical data about the Indicator included in the user’s DomainTools subscription. Click on the view… links for more details about each item.
- To delete the app, click the trash icon on the top right.