Over the past several weeks, we've been busy cranking out PassiveTotal integrations to work with a number of different products. But one that our users have had a particular interest in is Splunk—and since our primary goal is always to please our users, we're happy to announce version one of our Splunk app!
To automate security investigations of suspicious domains and IP addresses, the PassiveTotal for Splunk App simultaneously searches intelligence within PassiveTotal services (including Passive DNS, WHOIS, Passive SSL, Tags, Classifications, and Host Attributes) and local Splunk repositories to reveal any matching events.
Watch the webinar on demand to see RiskIQ's PassiveTotal founder Brandon Dixon walk through the integration and highlight key benefits in a demo.
In the webinar, Brandon demonstrates how:
- PassiveTotal for Splunk works
- To pivot from indicator to indicator, easily identify malicious or suspicious external infrastructure, and quickly determine whether it is present in the Splunk index
- PassiveTotal for Splunk enables you to identify connections between internal security events and malicious infrastructure domains in order to pinpoint and remediate threats