Iris Investigation Platform
Map connected infrastructure to get ahead of threats
Iris Investigation Platform
Map connected infrastructure to get ahead of threats
Detect. Investigate. Prevent.
Iris is a proprietary threat intelligence and investigation platform that combines enterprise-grade domain intelligence and risk scoring with industry-leading passive DNS data from Farsight Security and other top-tier providers. An intuitive web interface and API atop these data sources help security teams quickly and efficiently investigate potential cybercrime and cyberespionage.
Features
Domain Risk Score
Identify dangerous infrastructure with Domain Risk Score
- Quickly assess whether to allow, conditionally allow, or deny various types of connections.
- Know whether a domain is going to cause harm the moment it’s registered.
- Gain visibility into what type of risk the domain represents.
DNS History
Look back in time for more information about domains, registrants, and infrastructure
- Mine 10+ years of Whois records to find connections that may not be apparent in current records.
- See historical as well as current infrastructure associated with a domain, with access to extensive passive DNS records.
- Track the evolution of threat actor campaigns via the domains and IP addresses they have used.
SSL Profiles
Certificates for SSL and TLS are one of the most useful datasets for profiling and connecting domains
- Analyze the contents of the certificate to assess trustworthiness or risk level of the domain hosting the certificate.
- Find other domains that share the same certificate.
- Pivot to other domains shown in the Subject Alternative Name section.
Iris API Integration
Investigate API
The Iris Investigate API is ideally suited for investigate and orchestrate uses cases at human scale. These are typically triggered on-demand by an analyst seeking additional context on a single indicator, with the best results available for investigations that begin with one or more domain names.
Enrich API
The Iris Enrich API is designed to support use cases that require high query volumes with generous rate limiting and fast response times. This may include enrichment of every domain name observed on a company’s network, typically sourced from web proxy or DNS logs and surfaced in a SIEM or custom-built analytics platform.
LOGON is a pan-asian company operating in China, Hong Kong (HK), India, Singapore, Malaysia, Indonesia, Vietnam, Philippines and Thailand. LOGON has local dedicated trained product specialists in Hong Kong, Guangzhou, Kuala Lumpur, Mumbai and Bangalore. LOGON acts both as value added reseller and sole distributor for award winning software solutions. Customers can buy new licenses, purchase upgrades and renewals from any of our local offices. Contact us for first line support during evaluations, PoCs. We offer best practices consulting services and classroom & online training. Check our site for latest offers, special discounts, bundle deals, etc..
