DomainTools
Integration version: 7.0
Configure DomainTools integration in Google Security Operations
For detailed instructions on how to configure an integration inGoogle SecOps, seeConfigureintegrations.
Actions
Get Domain Profile
Description
Enrich an external domain entity with DomainTools that threatens data fromIntelligence and returns a CSV output.
Parameters
N/A
Use cases
N/A
Run On
This action runs on the following entities:
- URL
- Hostname
- Domain
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_succeed | True/False | is_succeed:False |
JSON Result
[{"Entity":"example-domain.com","EntityResult":{"registrant":{"name":"Privacy Protect LLC","domains":66370905,"product_url":"https:\\/\\/reversewhois.domaintools.com\\/?all[]=Privacy+Protect+LLC&none[]="},"server":{"ip_address":"192.0.2.1","other_domains":1898,"product_url":"https:\\/\\/reverseip.domaintools.com\\/search\\/?q=example-domain.com"},"registration":{"created":"2024-01-15","expires":"2025-01-15","updated":"2024-10-22","registrar":"Example Registrar Co.","statuses":["clientDeleteProhibited","clientRenewProhibited","clientTransferProhibited","clientUpdateProhibited"]}}}]Get Domain Risk
Description
Enrich the external domain entity with the domain risk score that was given byDomainTools data.
Parameters
| Parameter | Type | Default Value | Description |
|---|---|---|---|
| Threshold | String | N/A | Mark entity as suspicious if the domain risk score passes the given threshold. e.g. 3. |
Use cases
N/A
Run On
This action runs on the following entities:
- URL
- Hostname
- Domain
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_risky | True/False | is_risky:False |
JSON Result
[{"Entity":"risky-example-one.com","EntityResult":{"domain":"risky-example-one.com","risk_score":99,"components":[{"name":"proximity","risk_score":70},{"name":"threat_profile","risk_score":99},{"name":"threat_profile_phishing","risk_score":99},{"name":"threat_profile_malware","risk_score":95},{"name":"threat_profile_spam","risk_score":0}]}},{"Entity":"high-risk-test.net","EntityResult":{"domain":"high-risk-test.net","risk_score":99,"components":[{"name":"proximity","risk_score":70},{"name":"thre at_profile","risk_score":99},{"name":"threat_profile_phishing","risk_score":99},{"name":"threat_profile_malware","risk_score":95},{"name":"threat_profile_spam","risk_score":0}]}}]Get Hosting History
Description
Receive, enrich, and add a CSV table to the Domain Hosting History Information.
Parameters
N/A
Use cases
N/A
Run On
This action runs on the following entities:
- URL
- Hostname
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_succeed | True/False | is_succeed:False |
JSON Result
N/APing
Description
Test Connectivity.
Parameters
N/A
Use cases
N/A
Run On
This action runs on the following entities:
- URL
- Hostname
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_success | True/False | is_success:False |
JSON Result
N/ARecent Domains
Description
Look for new domains with a specific word in them.
Parameters
| Parameter | Type | Default Value | Description |
|---|---|---|---|
| String Query | String | N/A | Search for new domains containing a particular word. |
Use cases
N/A
Run On
This action runs on all entities.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| null | N/A | N/A |
JSON Result
N/AReverse Domain
Description
Find IPs pointing to a certain domain.
Parameters
N/A
Use cases
N/A
Run On
This action runs on the following entities:
- URL
- Hostname
- Domain
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| null | N/A | N/A |
JSON Result
[{"Entity":"http://www.example-domain.com/","EntityResult":{"ip_addresses":[{"ip_address":"192.0.2.10","domain_count":2,"domain_names":["malware-host.net","test-site-two.org"]},{"ip_address":"192.0.2.11","domain_count":1,"domain_names":["another-test-domain.com"]}]}}]Reverse Email
Description
Find domains with an email address in their WhoIs record.
Parameters
N/A
Use cases
N/A
Run On
This action runs on the User entity.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| null | N/A | N/A |
JSON Result
N/AReverse IP
Description
Find domain names that share a particular IP address.
Parameters
N/A
Use cases
N/A
Run On
This action runs on the IP Address entity.
Action Results
Entity Enrichment
N/A
Insights
N/A
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| null | N/A | N/A |
JSON Result
N/ANeed more help?Get answers from Community members and Google SecOps professionals.
Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2026-02-19 UTC.