Splunk

Enrichment and Proactive Alerting

Every second, a massive influx of events hits SIEM tools, and these numbers continue to rise. With this in mind, organizations need the ability to execute high-volume queries with low latency. The DomainTools® App for Splunk allows customers to rapidly enrich domains with tagging, Domain Risk Score, domain age, Whois, IPs, active and passive DNS provided by Farsight’s DNSDB®, and other connected infrastructure to surface evidence of malicious activity. Moreover, newly-appearing domains identified by Iris Detect can be triaged and alerted on directly within the App.

Precisely Target Alerts and Hunt Threats Across Your Enterprise