
DNSDB Splunk Integration Technical Overview

Published on: December 10, 2022

Overview

Splunk® and Farsight Security® Inc. (now a part of DomainTools) have partnered to make Farsight's Passive DNS data available from within the Splunk platform. Splunk is a widely used SIEM platform for organizing, searching, monitoring, analyzing, and visualizing machine-generated data through a web interface. Farsight has co-developed two Apps for the Splunk platform: the Farsight DNSDB℠ App for Splunk and the Farsight Sentry Manager App for Splunk. These Apps give Splunk Enterprise customers the ability to use Farsight's DNSDB and Security Information Exchange (SIE) as additional data sources within their existing Splunk workflows and analytics.

Technical Description

With the Farsight DNSDB App, users can learn the history and associated infrastructure of a suspicious domain name or IP address, gaining critical contextual information for their existing event data. Users can add this capability to an existing workflow so that queries are generated automatically and contextual information is populated for every domain and address that was the target of DNS requests made by hosts in their infrastructure.
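The enrichment loop described above, as an added example written for this page rather than code taken from the Farsight DNSDB App: it pulls the queried names out of resolver log lines, asks DNSDB for each name's passive-DNS history, and reduces the answer to the handful of fields an analyst wants next to the event (first seen, last seen, observation count, resolved addresses). It assumes the publicly documented DNSDB API v2 rrset lookup endpoint (`https://api.dnsdb.info/dnsdb/v2/lookup/rrset/name/<name>`), the `X-API-Key` header, and the streaming SAF ndjson framing (`{"cond":"begin"}`, `{"obj":{...}}` lines, then `{"cond":"succeeded"}` or `{"cond":"limited"}`); the log lines and API responses below are constructed so the script runs offline. The function names (`queried_names`, `parse_saf`, `enrich`, `canned_fetch`) are this example's own.

```python
"""Enrich DNS query logs with DNSDB passive-DNS history (added example, not the Splunk App's code)."""
import json
import re
import urllib.request
from collections import defaultdict
from typing import Callable, Dict, List, Set

DNSDB_BASE = "https://api.dnsdb.info/dnsdb/v2"  # assumed DNSDB API v2 base URL

# Constructed BIND-style resolver query log lines; not real traffic.
SAMPLE_LOG = """\
10-Dec-2022 10:01:02.123 queries: info: client 10.1.2.3#51234 (www.example.com): query: www.example.com IN A +E (10.0.0.53)
10-Dec-2022 10:01:03.456 queries: info: client 10.1.2.4#51235 (www.example.com): query: www.example.com IN AAAA +E (10.0.0.53)
10-Dec-2022 10:01:04.789 queries: info: client 10.1.2.3#51236 (bad.example.net): query: bad.example.net IN A +E (10.0.0.53)
"""
QUERY_RE = re.compile(r"client (?P<client>\S+)#\d+ \(\S+\): query: (?P<qname>\S+) IN (?P<qtype>\S+)")

# Constructed SAF responses keyed by owner name, in the assumed v2 framing (begin / obj... / succeeded).
CANNED_RESPONSES = {
    "www.example.com": (
        '{"cond":"begin"}\n'
        '{"obj":{"count":1523,"time_first":1577836800,"time_last":1670630400,"rrname":"www.example.com.",'
        '"rrtype":"A","bailiwick":"example.com.","rdata":["192.0.2.10"]}}\n'
        '{"obj":{"count":77,"time_first":1640995200,"time_last":1670630400,"rrname":"www.example.com.",'
        '"rrtype":"AAAA","bailiwick":"example.com.","rdata":["2001:db8::10"]}}\n'
        '{"cond":"succeeded"}\n'
    ),
    "bad.example.net": (
        '{"cond":"begin"}\n'
        '{"obj":{"count":3,"time_first":1670500000,"time_last":1670586400,"rrname":"bad.example.net.",'
        '"rrtype":"A","bailiwick":"example.net.","rdata":["203.0.113.7"]}}\n'
        '{"cond":"succeeded"}\n'
    ),
}


def queried_names(log_text: str) -> Dict[str, Set[str]]:
    """Map each queried name (lower-cased, trailing dot stripped) to the set of clients that asked for it."""
    names: Dict[str, Set[str]] = defaultdict(set)
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m:
            names[m.group("qname").lower().rstrip(".")].add(m.group("client"))
    return dict(names)


def rrset_url(name: str) -> str:
    """Assumed DNSDB v2 rrset-by-owner-name lookup URL."""
    return f"{DNSDB_BASE}/lookup/rrset/name/{name}"


def http_fetch(url: str, api_key: str) -> str:
    """Live fetch for real use (not exercised offline); DNSDB authenticates with an X-API-Key header."""
    req = urllib.request.Request(url, headers={"X-API-Key": api_key, "Accept": "application/x-ndjson"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.read().decode("utf-8")


def canned_fetch(url: str, api_key: str) -> str:
    """Offline stand-in for http_fetch; unknown names get an empty but complete stream."""
    name = url.split("/lookup/rrset/name/", 1)[1].split("/")[0]
    return CANNED_RESPONSES.get(name, '{"cond":"begin"}\n{"cond":"succeeded"}\n')


def parse_saf(body: str) -> List[dict]:
    """Parse SAF ndjson. A stream that never reaches succeeded/limited is treated as an error:
    silently trusting a truncated history would make a brand-new domain look old or empty."""
    objs, cond = [], None
    for line in body.splitlines():
        if line.strip():
            msg = json.loads(line)
            if "obj" in msg:
                objs.append(msg["obj"])
            elif "cond" in msg:
                cond = msg["cond"]
    if cond not in ("succeeded", "limited"):
        raise ValueError(f"DNSDB stream ended with cond={cond!r}")
    return objs


def summarize(objs: List[dict], as_of: int) -> dict:
    """Collapse rrset records into the fields worth attaching to an event.
    Zone-file-sourced records carry zone_time_first/zone_time_last instead of time_first/time_last."""
    firsts = [o.get("time_first", o.get("zone_time_first")) for o in objs]
    lasts = [o.get("time_last", o.get("zone_time_last")) for o in objs]
    firsts = [t for t in firsts if t is not None]
    lasts = [t for t in lasts if t is not None]
    rdata: Set[str] = set()
    for o in objs:
        vals = o.get("rdata", [])
        rdata.update(vals if isinstance(vals, list) else [vals])  # rdata lookups return a string
    first_seen = min(firsts) if firsts else None
    return {
        "records": len(objs),
        "total_count": sum(o.get("count", 0) for o in objs),
        "first_seen": first_seen,
        "last_seen": max(lasts) if lasts else None,
        "age_days": (as_of - first_seen) // 86400 if first_seen is not None else None,
        "rrtypes": sorted({o["rrtype"] for o in objs if "rrtype" in o}),
        "rdata": sorted(rdata),
    }


def enrich(log_text: str, fetch: Callable[[str, str], str], api_key: str, as_of: int) -> Dict[str, dict]:
    """One DNSDB lookup per distinct queried name; lookup failures are recorded, not hidden."""
    out: Dict[str, dict] = {}
    for name, clients in queried_names(log_text).items():
        try:
            summary = summarize(parse_saf(fetch(rrset_url(name), api_key)), as_of)
        except ValueError as exc:
            summary = {"error": str(exc)}
        summary["clients"] = sorted(clients)
        out[name] = summary
    return out


if __name__ == "__main__":
    for name, info in enrich(SAMPLE_LOG, canned_fetch, "unused-offline", 1670630400).items():
        print(name, json.dumps(info))
```

In the constructed data, `www.example.com` has roughly three years of history and thousands of observations, while `bad.example.net` first appeared a day earlier with three sightings; that age and count contrast is the kind of context the paragraph above describes. For a live run, pass `http_fetch` and a real DNSDB API key in place of `canned_fetch`.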

With the Farsight Sentry Manager App, users can create Splunk events for patterns matched within Farsight's SIE channels. Once added to Splunk, this allows users to map out and investigate new threats to their network in real time.

Both the Farsight DNSDB App and the Farsight Sentry Manager App for Splunk provide better visibility for the detection, identification, and analysis of new and existing threats to the user's network.

Hardware and Software Requirements

The Farsight Splunk Apps are web based applications that can be accessed via any browser supported by Splunk Enterprise.

The Farsight Splunk Apps have no hardware or software requirements of their own, as they run within a Splunk Enterprise environment. All of the Splunk Enterprise system requirements apply.

Farsight DNSDB for Splunk

Use of the Farsight DNSDB for Splunk App requires access to Splunk Enterprise and a Farsight DNSDB API key. A 30-day trial of the DNSDB API is available upon request. To request a trial or learn more about the Farsight subscription services, please contact Farsight Security.

Farsight Sentry Manager for Splunk

Use of the Farsight Sentry Manager for Splunk App requires access to Splunk Enterprise and a Farsight Brand Sentry or Farsight Domain Sentry API key. To request a trial of Farsight Brand Sentry or Farsight Domain Sentry, or to learn more about the Farsight subscription services, please contact Farsight Security.

Additional Information