Every second, a massive influx of events hits SIEM tools, and that volume continues to rise. With this in mind, organizations need the ability to execute high-volume queries with low latency. The DomainTools® App for Splunk allows customers to rapidly enrich domains with tagging, Domain Risk Score, domain age, Whois, IPs, active and passive DNS provided by Farsight’s DNSDB, and other connected infrastructure to surface evidence of malicious activity. Moreover, newly appearing domains identified by Iris Detect can be triaged and alerted on directly within the App.
Precisely Target Alerts and Hunt Threats Across Your Enterprise
DomainTools App for Splunk
Discovery of new domain IOCs related to network observables from within Splunk
Auto-enrichment of every domain from configured log sources with DomainTools Iris intelligence
If you are a current DomainTools customer, please contact your Account Manager or Enterprise Support before downloading the Splunk App. We want to help ensure that our application is configured to provide the most value in your environment.
Threat Hunting and Event Enrichment-at-Scale
An out-of-the-box Threat Hunting & Monitoring Dashboard for domain risk assessment and proactive alerting using Enterprise Security
Surface meaningful alerts that are enriched by the comprehensive Iris dataset to identify malicious intent
Leverage the Iris and DNSDB datasets for immediate access to dozens of attributes attached to every domain event in Splunk
Splunk turns machine data into answers. Regardless of your organization’s size and industry, Splunk can give you the answers you need to solve your toughest IT, security and business challenges—with the option to deploy on-premises, in the cloud or a hybrid approach.