Domain-Specific Atomic Runbooks

Domain names are frequent indicators in security investigations, often linked to phishing, malware command and control (C2), or other malicious infrastructure. The atomic runbooks in this section provide targeted procedures for gathering intelligence, analyzing activity, and assessing the risk associated with specific domains.

Domain Runbooks:

• Atomic Runbook: Get Domain Reputation from GTI
• Atomic Runbook: Get Domain Threat Intel via SecOps MCP
• Atomic Runbook: Lookup Domain Entity Activity in Chronicle
• Atomic Runbook: Search Domain DNS Queries in Chronicle
• Atomic Runbook: Search Domain-Related Network Traffic in Chronicle