Splunk (PassiveTotal)

Splunk App

The PassiveTotal App for Splunk allows organizations to bring context to external threats, analyze attack data, and correlate that information with their internal event data to pinpoint and remediate threats, all in one place.

The PassiveTotal App for Splunk simultaneously searches the large and diverse datasets within PassiveTotal by RiskIQ services (including Passive DNS, WHOIS, Passive SSL, Tags, Classifications, and Host Attributes) and local Splunk repositories to reveal any matching events. This capability enables researchers to pivot from indicator to indicator and, quite easily, identify potentially malicious external infrastructure while determining whether it is present in the Splunk index.

For a more in-depth look at our Splunk integration, check out our blog post and video walkthrough.