Every second, a massive influx of events hits SIEM tools, and these numbers continue to rise. With this in mind, organizations need the ability to execute high-volume queries with low latency. The DomainTools® App for Splunk allows customers to rapidly enrich domains with tagging, Domain Risk Score, domain age, Whois, IPs, active and passive DNS provided by Farsight’s DNSDB, and other connected infrastructure to surface evidence of malicious activity. Moreover, newly appearing domains identified by Iris Detect can be triaged and alerted on directly within the App.
Precisely Target Alerts and Hunt Threats Across Your Enterprise
DomainTools App for Splunk
Discovery of new domain IOCs related to network observables from within Splunk
Auto-enrichment of every domain from configured log sources with DomainTools Iris intelligence
If you are a current DomainTools customer, please contact your Account Manager or Enterprise Support before downloading the Splunk App. We want to help ensure that our application is configured to provide the most value in your environment.
Farsight DNSDB App for Splunk
Contextual information and situational awareness added to your existing event data, drawn from the most comprehensive historical database of passive DNS data about how IPs, domains, and Internet infrastructure are interconnected and have evolved
Real-time Internet infrastructure information supporting better visibility for the detection, identification and analysis of threats and adversary infrastructure and capabilities
Splunk turns machine data into answers. Regardless of your organization’s size and industry, Splunk can give you the answers you need to solve your toughest IT, security and business challenges—with the option to deploy on-premises, in the cloud or a hybrid approach.