New App and Search Add-On Allows Security Teams to Leverage Proxy and DNS Logs for Threat Hunting, Incident Response and Triage
09:00 ET from DomainTools
SEATTLE, June 29, 2016 /PRNewswire/ — DomainTools, the leader in domain name and DNS-based cyber threat intelligence, today announced a new app and search add-on (SA) that are available in Spunk Enterprise’s Splunkbase immediately. Without leaving the Splunk environment, security teams can now leverage DomainTools data alongside proxy and DNS logs for threat hunting, incident response, and quick in-context triage of security events. Additionally, the new app and search add-on give security team members access to DomainTools’ industry-leading threat intelligence data on domain names, the individuals who control them, and the infrastructure that supports them.
Domain names and DNS data are now getting the recognition they deserve as key sources of threat intelligence. Enriched with Whois data, these indicators provide a more effective platform for analysis and alerting than an IP address. DomainTools’ new app and search add-on help Splunk customers uncover that domain profile data faster. Once a threat is discovered, searches can be applied retroactively to find hostnames already active in the network that match a domain profile but missed previous detection, driven by data constantly sourced from DomainTools Parsed Whois recordset.
“Almost daily, we’re getting reports of security teams who are using their SIEM, specifically Splunk, for proactive threat hunting and incident response investigations. Given this increasing demand, Splunk was an obvious choice for our first major integration,” said Mark Kendrick, Director of Solution Engineering for DomainTools. “With our new app and search add-on, Splunk’s 11,000 customers have easy access to the most comprehensive domain name investigation tools available today.”
Key features of DomainTools’ new Splunk app and search add-on include:
- API end point hooks to easily add context to any Splunk list with a domain name and set up custom rules and triggers from the reversing APIs.
- Intuitive workflow actions that link to a Domain Profile dashboard for a quick triage on a single domain name.
- A holistic view of the threat actor, related domains by IP address or Name server, the DomainTools Domain Reputation Score, and Reverse Whois results for the registrant.
- Easy access to the industry-leading DomainTools Whois database, comprising of over 10 billion Whois records and over 300 million known domains in DNS.
DomainTools selected Hurricane Labs, a managed SIEM service provider with deep experience in security, as its app publishing partner. Hurricane Labs has previously built several other well-received apps in the Spunk ecosystem,
DomainTools helps security analysts turn threat data into threat intelligence. We take indicators from your network, including domains and IPs, and connect them with nearly every active domain on the Internet. Those connections inform risk assessments, help profile attackers, guide online fraud investigations, and map cyber activity to attacker infrastructure. Fortune 1000 companies, global government agencies, and leading security solution vendors use the DomainTools platform as a critical ingredient in their threat investigation and mitigation work. Learn more about how to connect the dots on malicious activity athttp://www.domaintools.com or follow us on Twitter:@domaintools.