Even at a time when security controls are more advanced than ever, the numbers of events seen in the typical SOC have not fallen. And many of these events are tied to traffic to dangerous, adversary-controlled assets. The DomainTools App for Splunk allows SOC personnel to rapidly enrich domains seen in their environment with Domain Risk Scores, domain age, Whois data, IP addresses, active DNS, and SSL certificate data. The latest version also adds support for Farsight Security’s respected DNSDB passive DNS database, and new domain triage and monitoring support from DomainTools Iris Detect. Join Dan Nunes and Tim Helming of DomainTools for a look at the latest enhancements to the DomainTools App for Splunk, and some key use cases to help enhance your security operations.
Improve Your Situational Awareness Around Dangerous Infrastructure
In this webinar, you’ll learn how to:
- Triage new domains matching Iris Detect Monitors within Splunk—helping uncover possible spoofs of your company or brand
- Synchronize Iris Detect’s Domain Watch List with the Splunk Monitoring list to watch for signals of impending adversary campaign activity
- Investigate domain infrastructure with Passive DNS using Farsight’s DNSDB Standard or Flexible search
