DomainTools App for Splunk 4.1: Deployment Guide

Overview

The DomainTools App provides direct access to DomainTools' threat intelligence data, predictive risk scoring, and tactical domain attributes, giving you situational awareness on malicious domains from inside Splunk.

What's New in 4.1

DomainTools App for Splunk 4.1 is the General Availability (GA) release following the 4.x Beta versions of the app. The app works in parallel with Splunk Enterprise Security (ES) but does not depend on it; customers who have not yet deployed ES can still realize significant value from it. Customers who deploy the app in Splunk benefit from:

- A Threat Hunting Dashboard highlighting the risk profile of domains together with relevant activity from within your network, to help drive threat hunting and incident response
- The ability to surface network events related to an investigated domain from configured log sources, for faster investigation
- Ad hoc investigation of domain IOCs from within Splunk, with seamless integration to DomainTools Iris to further your investigations
- Deeper investigation capabilities to discover, import, and monitor potentially malicious domain IOCs using DomainTools investigation capabilities
- Automated detection throughout the alerting lifecycle within Splunk, using DomainTools Iris and PhishEye in a single application context
- Proactive monitoring of domain IOCs and tags originating from DomainTools Iris, in a centralized location within Splunk
- A simple user interface for managing a list of allowed domains to reduce false positives
- An at-a-glance operational dashboard that keeps track of your API usage and allocation

Release Notes

Prerequisites
- Access to the Iris Enrich and Iris Investigate APIs is required
- Access to the PhishEye API is optional but recommended for full app functionality

New
- App Diagnostic Dashboard providing visibility into the app's audit activity
- API Usage Dashboard providing visibility into query consumption
- Native allowlisting to suppress monitoring of trusted domains
- Investigation of domain IOCs using DomainTools Guided Pivot analytics
- Import of IOCs from DomainTools using an Iris export hash
- Discovery of connected domain IOCs for proactive monitoring
- Richer domain context for notable events generated by DomainTools detection rules
- Re-architected app with full support for the recent Splunk SDK, supporting Splunk 8.0 and Python 3 environments
- Support for configuring proxies and custom SSL certificates within the app UI

Changes
- Redesigned ThreatIntel Dashboard with optimized searches
- Redesigned Monitoring Dashboard for centralized monitoring
- Redefined workflow to ingest PhishEye IOCs into Splunk
- Redesigned dashboard for ad hoc domain lookup

Deprecated functionality (from older versions of the app)
- Brand Monitor functionality
- Alexa 1M filtering
- Support for the DomainTools Classic APIs

Deployment Guide

Prerequisites

Splunk Environment
The app has been validated on recent Splunk releases, including Splunk 8. Review the release notes to understand the key features and changes in this release.

DomainTools App Bundle
The latest app is available on Splunkbase. If you are currently running an older version of the DomainTools app, uninstall the older version first and perform a fresh installation.

Firewall Rule
Ensure the Splunk server can reach the DomainTools API endpoint (outbound HTTPS, either directly or through the proxy configured in the app UI). You may have to update your organization's firewall rules to allow access to this endpoint for the app to function. DomainTools App for Splunk 4.1 requires access to the following API sets:

Splunk Package (complete app functionality):
- Iris Enrich API
- Iris Investigate API
- PhishEye API

Iris API Package (limited app functionality):
- Iris Enrich API
- Iris Investigate API

DomainTools API Key
You will need a DomainTools API username and API key to complete the app setup. DomainTools typically provides access to API credentials by creating an account for the primary point of contact in your organization. If you need new API keys to evaluate the app, contact DomainTools.
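The allowlisting feature above suppresses monitoring of trusted domains so they do not become notable events. The matching rule matters: a naive substring or suffix check would let "example.com" suppress "notexample.com" or "example.com.evil.net", which is exactly the kind of look-alike a phishing detection should keep. The following is an added example, not code from the DomainTools App for Splunk; it assumes allowlist semantics of "exact match or parent domain at a label boundary" (an assumption about sound behaviour, not a description of the app's implementation), and the events and allowlist entries are constructed.

```python
"""Allowlist suppression for domain-monitoring results (illustrative).

Added example; not the DomainTools App's own code. Matching is on the whole
domain or on a parent domain at a label boundary, never on a raw substring.
"""
from typing import Dict, Iterable, List, Set


def normalize(domain: str) -> str:
    """Lower-case, strip surrounding whitespace and a trailing root dot."""
    return domain.strip().lower().rstrip(".")


def is_valid_entry(entry: str) -> bool:
    """Reject entries that would suppress an entire TLD (e.g. "com").

    A single-label allowlist entry matches every domain under that TLD,
    which silently disables monitoring; require at least two labels.
    """
    labels = normalize(entry).split(".")
    return len(labels) >= 2 and all(labels)


def load_allowlist(entries: Iterable[str]) -> Set[str]:
    """Normalize allowlist entries, stripping a leading "*." wildcard form."""
    allow: Set[str] = set()
    for raw in entries:
        entry = normalize(raw)
        if entry.startswith("*."):
            entry = entry[2:]
        if not is_valid_entry(entry):
            raise ValueError("allowlist entry too broad: %r" % raw)
        allow.add(entry)
    return allow


def is_allowlisted(domain: str, allowlist: Set[str]) -> bool:
    """True if domain equals an allowlisted name or is a subdomain of one.

    Walks up the label hierarchy ("a.b.c", then "b.c", then "c"), so the
    check costs O(labels) regardless of allowlist size, and a match can only
    occur at a label boundary.
    """
    labels = normalize(domain).split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in allowlist:
            return True
    return False


def suppress_allowlisted(events: List[Dict], entries: Iterable[str]) -> List[Dict]:
    """Return only the events whose domain is not covered by the allowlist."""
    allowlist = load_allowlist(entries)
    return [ev for ev in events if not is_allowlisted(ev["domain"], allowlist)]


# Constructed sample data (not real monitoring output).
SAMPLE_ALLOWLIST = ["Example.com", "*.corp.internal."]
SAMPLE_EVENTS = [
    {"domain": "www.example.com", "risk_score": 12},
    {"domain": "notexample.com", "risk_score": 88},
    {"domain": "example.com.evil.net", "risk_score": 95},
    {"domain": "vpn.corp.internal", "risk_score": 5},
    {"domain": "EXAMPLE.COM.", "risk_score": 0},
]

if __name__ == "__main__":
    for ev in suppress_allowlisted(SAMPLE_EVENTS, SAMPLE_ALLOWLIST):
        print("keep:", ev["domain"], "risk", ev["risk_score"])
```

Run as a script it keeps only notexample.com and example.com.evil.net; the two look-alikes survive suppression while the genuine subdomains of allowlisted names are dropped. Rejecting single-label entries is a guardrail worth keeping in any allowlist UI, since one careless "com" entry would otherwise disable monitoring outright.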