diff --git a/lists/alexa/list.json b/lists/alexa/list.json
index 0da1881..3941bbb 100644
--- a/lists/alexa/list.json
+++ b/lists/alexa/list.json
@@ -1,7 +1,8 @@
 {
   "matching_attributes": [
     "hostname",
-    "domain"
+    "domain",
+    "domain|ip"
   ],
   "description": "Event contains one or more entries from the top 1000 of the most used website (Alexa).",
   "list": [
diff --git a/lists/cisco_top1000/list.json b/lists/cisco_top1000/list.json
index ef46451..e5d943e 100644
--- a/lists/cisco_top1000/list.json
+++ b/lists/cisco_top1000/list.json
@@ -1,7 +1,8 @@
 {
   "matching_attributes": [
     "hostname",
-    "domain"
+    "domain",
+    "domain|ip"
   ],
   "description": "Event contains one or more entries from the top 1000 of the most used website (Cisco Umbrella).",
   "list": [
diff --git a/lists/microsoft-attack-simulator/list.json b/lists/microsoft-attack-simulator/list.json
index eedd1af..9765805 100644
--- a/lists/microsoft-attack-simulator/list.json
+++ b/lists/microsoft-attack-simulator/list.json
@@ -2,6 +2,7 @@
   "matching_attributes": [
     "ip-src",
     "ip-dst",
+    "domain",
     "domain|ip",
     "hostname"
   ],