Digital Shadows New Integration for Splunk


Today we announced the release of an updated version of our Splunk App, which is now certified for both Splunk Enterprise and Splunk Cloud. Digital Shadows customers will now be able to use their existing Splunk services alongside Digital Shadows SearchLight™ within the same platform, for no extra cost.

Here’s a sneak preview of all the functionality we’ve added.

SearchLight continually monitors the open, deep and dark web for risks to your business. The Digital Shadows app imports these alerts and displays them in a custom dashboard within Splunk. With this visibility, you are notified every time:

  • A spoof domain is registered
  • Corporate credentials are exposed
  • Sensitive data is exposed online
  • Flaws are identified in your infrastructure
  • Key members of staff are impersonated online

This will dramatically streamline incident processing as security professionals can now correlate alerts, ingest the latest threat intelligence, and gain real-time context from the open, deep, and dark web.

Correlate Alerts

All SearchLight alerts, including spoof domains, expired certificates or compromised credentials, are immediately pulled into the Splunk platform and visualized in a dashboard to provide an overview of your digital risk. With Splunk Enterprise, you can combine this insight with suspicious internal activity in order to identify the severity and urgency of an event. Combined, these will give you a more comprehensive picture of your risk.

Furthermore, this new integration provides additional workflow assistance, as Adaptive Response Actions can be used to edit the status within the SearchLight portal from “unread” to “read” or “closed”.

Ingest Latest Threat Intelligence

Customers of Splunk and Digital Shadows are able to ingest the latest threat intelligence, allowing security teams to monitor their networks for malicious indicators.

The latest intelligence on threat actors, campaigns, and malware is ingested into the Splunk platform, providing you with the associated Indicators of Compromise (IOCs) and Tactics, Techniques and Procedures (TTPs) to align your defenses.

Gain Real-Time Context

One of the most exciting additions to the integration is a feature that allows users to pivot off any record within Splunk into Shadow Search. This enables users to enrich intelligence with real-time context from the open, deep and dark web. Simply click on an IP, domain or IOC to pivot into the SearchLight platform and search across the following sources:

  • Dark web pages and marketplaces
  • Criminal forums
  • Paste sites
  • Blog and news sites
  • IRC and Telegram Chat Channels
  • Technical forums
  • DNS lookup
  • WHOIS data
  • Indicator Feeds
  • Curated intelligence from Digital Shadows

Download the Latest App

It’s quick and easy to set up your Splunk instance and get all of these new features. To start receiving alerts into your Splunk solution:

For more information, check out our Splunk datasheet.

 

To stay up to date with the latest digital risk and threat intelligence news, subscribe to our threat intelligence emails here.

About Digital Shadows
Digital Shadows is the leader in Digital Risk Protection. Digital Shadows minimizes digital risk by identifying unwanted exposure and protecting against external threats. Organizations can suffer regulatory fines, loss of intellectual property, and reputational damage when digital risk is left unmanaged. Digital Shadows SearchLight™ helps you minimize these risks by detecting data loss, securing your online brand, and reducing your attack surface. To learn more and get free access to SearchLight, visit www.digitalshadows.com.