Digital Shadows New Integration for Splunk


Today we announced the release of an updated version of our Splunk App, which is now certified for both Splunk Enterprise and Splunk Cloud. Digital Shadows customers will now be able to use their existing Splunk services alongside Digital Shadows SearchLight™ within the same platform, for no extra cost.

Here’s a sneak preview of all the functionality we’ve added.

SearchLight continually monitors the open, deep and dark web for risks to your business. The Digital Shadows app imports these alerts and displays them in a custom dashboard within Splunk. With this visibility, you are notified every time:

  • A spoof domain is registered
  • Corporate credentials are exposed
  • Sensitive data is exposed online
  • Flaws are identified in your infrastructure
  • Key members of staff are impersonated online

This will dramatically streamline incident processing as security professionals can now correlate alerts, ingest the latest threat intelligence, and gain real-time context from the open, deep, and dark web.

Correlate Alerts

All SearchLight alerts, including spoof domains, expired certificates, and compromised credentials, are immediately pulled into the Splunk platform and visualized in a dashboard to provide an overview of your digital risk. With Splunk Enterprise, you can combine this insight with suspicious internal activity in order to identify the severity and urgency of an event. Combined, these will give you a more comprehensive picture of your risk.

Furthermore, this new integration provides additional workflow assistance, as Adaptive Response Actions can be used to edit the status within the SearchLight portal from “unread” to “read” or “closed”.

Ingest Latest Threat Intelligence

Customers of Splunk and Digital Shadows are able to ingest the latest threat intelligence, allowing security teams to monitor their networks for malicious indicators.

The latest intelligence on threat actors, campaigns, and malware is ingested into the Splunk platform, providing you with the associated Indicators of Compromise (IOCs) and Tactics, Techniques and Procedures (TTPs) to align your defenses.

Gain Real-Time Context

One of the most exciting additions to the integration is a feature that allows users to pivot off any record within Splunk into Shadow Search. This enables users to enrich intelligence with real-time context from the open, deep and dark web. Simply click on an IP, domain or IOC to pivot into the SearchLight platform and search across the following sources:

  • Dark web pages and marketplaces
  • Criminal forums
  • Paste sites
  • Blog and news sites
  • IRC and Telegram Chat Channels
  • Technical forums
  • DNS lookup
  • WHOIS data
  • Indicator Feeds
  • Curated intelligence from Digital Shadows

Download the Latest App

It’s quick and easy to set up your Splunk instance and get all of these new features. To start receiving alerts into your Splunk solution:

For more information, check out our Splunk datasheet.

 

To stay up to date with the latest digital risk and threat intelligence news, subscribe to our threat intelligence emails here.

About Digital Shadows
Digital Shadows monitors and manages an organization’s digital risk, providing relevant threat intelligence across the widest range of data sources within the open, deep, and dark web to protect their brand and reputation. The Digital Shadows SearchLight™ service combines scalable data analytics with human data analysts to manage and mitigate risks of an organization’s brand exposure, VIP exposure, cyber threat, data exposure, infrastructure exposure, physical threat, and third party risk, and create an up-to-the-minute view of an organization’s digital risk with tailored threat intelligence.
