SIEM Archives - DomainTools | Start Here. Know Now. https://www.domaintools.com/integrations/siem/ Start Here. Know Now. Thu, 29 Aug 2024 13:59:12 +0000 en-US hourly 1 https://wordpress.org/?v=6.7.2 Splunk https://www.domaintools.com/integrations/splunk/ Tue, 26 Jul 2022 18:41:25 +0000 https://domaintools.wpengine.com/?post_type=integration&p=9555 Enrichment and Proactive Alerting Every second, a massive influx of events hits SIEM tools, and these numbers continue to rise. With this in mind, organizations need the ability to execute high-volume queries with low latency. The DomainTools® App for Splunk allows customers to rapidly enrich domains with tagging, Domain Risk Score, domain age, Whois, IPs, […]

The post Splunk appeared first on DomainTools | Start Here. Know Now..

]]> Enrichment and Proactive Alerting

Every second, a massive influx of events hits SIEM tools, and these numbers continue to rise. With this in mind, organizations need the ability to execute high-volume queries with low latency. The DomainTools® App for Splunk allows customers to rapidly enrich domains with tagging, Domain Risk Score, domain age, Whois, IPs, active and passive DNS provided by Farsight’s DNSDB, and other connected infrastructure to surface evidence of malicious activity. Moreover, newly-appearing domains identified by Iris Detect can be triaged and alerted on directly within the App.

Precisely Target Alerts and Hunt Threats Across Your Enterprise

  • DomainTools App for Splunk

    • Discovery of new domain IOCs related to network observables from within Splunk
    • Auto-enrichment of every domain from configured log sources with DomainTools Iris intelligence

    The DomainTools App for Splunk & Splunk ES is now available in Splunkbase: https://splunkbase.splunk.com/app/5226

    If you are a current DomainTools customer, please contact your Account Manager or Enterprise Support before downloading the Splunk App. We want to help ensure that our application is configured to provide the most value in your environment.

  • Farsight DNSDB App for Splunk

    • Contextual information and situational awareness from the most comprehensive historical database of passive DNS data about how IPs, domains, and Internet infrastructure are interconnected and have evolved to your existing event data
    • Real-time Internet infrastructure information supporting better visibility for the detection, identification and analysis of threats and adversary infrastructure and capabilities

    The Farsight DNSDB App for Splunk is now available in Splunkbase: https://splunkbase.splunk.com/app/3050

    To learn more about this subscription service please fill out the demo form at the bottom of this page.

  • Threat Hunting and Event Enrichment-at-Scale

    • An out-of-the-box Threat Hunting & Monitoring Dashboard for domain risk assessment and proactive alerting using Enterprise Security
    • Surface meaningful alerts that are enriched by the comprehensive Iris dataset to identify malicious intent
    • Leverage the Iris and DNSDB datasets for immediate access to dozens of attributes attached to every domain event in Splunk

  • Proactive Domain Risk Scoring

    • Automated discovery of potentially malicious domains leveraging DomainTools Iris Detect & Risk Score capabilities inside Splunk
    • Raise alerts with batch processing
    • Access Domain Risk Score – Proximity and Threat Profile classifiers

Support and Learning

About Splunk

Splunk turns machine data into answers. Regardless of your organization’s size and industry, Splunk can give you the answers you need to solve your toughest IT, security and business challenges—with the option to deploy on-premises, in the cloud or a hybrid approach.

Learn More

The post Splunk appeared first on DomainTools | Start Here. Know Now..

]]> Anomali https://www.domaintools.com/integrations/anomali/ Tue, 26 Jul 2022 18:15:42 +0000 https://domaintools.wpengine.com/?post_type=integration&p=9296 DNS-Based Cyber Threat Detection and Response The DomainTools® Iris™ App for Anomali delivers a subset of DomainTools Iris data, together with pivot capability and domain risk score, directly to the analyst inside the Anomali Security Operations Platform. This integration enables rapid in-context assessments of domain name observables and discovery of connected domains that share the […]

The post Anomali appeared first on DomainTools | Start Here. Know Now..

]]> DNS-Based Cyber Threat Detection and Response

The DomainTools® Iris™ App for Anomali delivers a subset of DomainTools Iris data, together with pivot capability and domain risk score, directly to the analyst inside the Anomali Security Operations Platform. This integration enables rapid in-context assessments of domain name observables and discovery of connected domains that share the same IP, hostname, or SSL certificate hash.

Enrichment Powered by the DomainTools Iris Investigate API

  • Context Enrichment for Domains

    Domain name observables offer a “DomainTools Iris” tab in the set of context enrichment options that provides:

    • Domain Risk Score with supporting evidence and component scores from machine learning classifiers & proximity-based risk algorithms.
    • Domain profile attributes from the DomainTools Iris dataset, including identity, infrastructure, web crawl and SSL details.
    • Guided Pivot counts for each attribute to identify dedicated infrastructure, novel identities, and potential research pathways.
    • Outbound link to DomainTools Iris to perform deeper analysis, with the domain name context preserved in the link to streamline the investigation process.

  • Pivot Enrichment

    The DomainTools Iris App for Anomali provides a pivot-based enrichment that operates on observables in the “Explore” feature of Anomali Threatstream. Supported data types offer a “DomainTools Iris” option in the right-click context menu and return a subset of the Iris data as nodes on the pivot chart. These nodes enable further pivots.

  • Context Enrichment for IPs, Emails, and SSL Certificate Hashes

    IP addresses, emails and SSL certificate hashes offer a “DomainTools Iris” tab in the set of available context options that provides the list of connected domain names that share the same observable value, with insights into their risk scores and age.

    • List of connected domain names sourced from the Iris Investigate API.
    • Domain Risk Score distribution across the list of connected domains.
    • Domain age distribution across the list of connected domains.

  • Identify, Prioritize, and Respond to Threats

    Context-based enrichment for domain names, IP addresses, hostnames, and SSL certificate hashes.

    Download Data Sheet

Support and Learning

Anomali Threatstream

Anomali helps organizations find and respond to cyber threats. That’s our mission. We bring to your security team the one thing that’s been missing – external context. With Anomali you can now identify suspicious or malicious traffic before it even reaches your network. We turn threat intelligence into your cyber no-fly list, and seamlessly integrate this with your internal security and IT systems.

Learn More

The post Anomali appeared first on DomainTools | Start Here. Know Now..

]]> Elastic (ELK) Stack https://www.domaintools.com/integrations/elastic/ Tue, 26 Jul 2022 18:42:36 +0000 https://domaintools.wpengine.com/?post_type=integration&p=9562 Maximize Your SecOps The DomainTools® App for Elastic provides maximum value for our customers who are utilizing Elastic within their SecOps. Elastic customers utilizing the ELK stack can readily leverage all functionalities out of the box. The DomainTools app focuses on enabling core enrichment functionality along with a purpose-built user interface that will help analyze […]

The post Elastic (ELK) Stack appeared first on DomainTools | Start Here. Know Now..

]]> Maximize Your SecOps

The DomainTools® App for Elastic provides maximum value for our customers who are utilizing Elastic within their SecOps. Elastic customers utilizing the ELK stack can readily leverage all functionalities out of the box.

The DomainTools app focuses on enabling core enrichment functionality along with a purpose-built user interface that will help analyze our diverse dataset—giving you deep visibility of your network events. Gain all this while creating a stable and scalable app architecture that can grow with your adoption.

Gain Visibility of Network Events

  • DomainTools App for Elastic

    • Enables core enrichment functionality
    • Provides a smooth user experience through our diverse dataset
    • Creates a stable and scalable app architecture
    • Allows ad hoc investigations of domains from within Elastic

  • Capabilities

    • Leverage the Threat Intelligence Dashboard for risk metrics to highlight malicious activity
    • Lookup domains from within Kibana, or utilize a customized UI to template our varied dataset from Iris
    • Proactively monitor potentially malicious domains prior to misuse
    • Configure LogSources and Indexes
    • View configurations of Enrichment Settings in App UI
    • Manage an allow list of up to 1,000 domains

  • Event Enrichment

    The DomainTools App for Elastic leverages ECS schema out of the box. For all domains that are in our cache, the enrichment takes place while events are being indexed—providing actionable threat intel in real-time! 

    DomainTools enrichment data is added inline to the events as an ECS object; therefore, all Elastic functionalities (including SIEM) can leverage the data downstream.

Support and Learning

About Elastic

Elastic builds enterprise search, observability, and security solutions to make data usable in real time and at scale. From finding documents to monitoring infrastructure to hunting for threats, Elastic solutions are built on one, free and open technology stack that can be deployed anywhere to instantly find actionable insights from any type of data. 

The Elastic (ELK) Stack has long been used by security teams and organizations to extract valuable security insights from all their data, enabling them to evolve quickly and solve complex security problems. Elastic Security builds on the power of the Elastic Stack to deliver pre-built capabilities that help security teams evolve even faster. The solution enables a unified, out of the box approach to security — with the inherent benefits of speed, scale, and relevance that Elasticsearch is known for.

Learn More

The post Elastic (ELK) Stack appeared first on DomainTools | Start Here. Know Now..

]]> IBM QRadar https://www.domaintools.com/integrations/ibm-qradar/ Tue, 26 Jul 2022 18:42:17 +0000 https://domaintools.wpengine.com/?post_type=integration&p=9558 Boost Situational Awareness Around Key Events The DomainTools® App for IBM QRadar gives analysts fast, in-context access to key information about domains, IP addresses, and SSL hashes that appear in events within Offenses.  Triage events and gain situational awareness around adversary infrastructure, and launch DomainTools Iris Invesstigate™ for deeper investigations. Pinpoint high-risk or recently-registered domains […]

The post IBM QRadar appeared first on DomainTools | Start Here. Know Now..

]]> Boost Situational Awareness Around Key Events

The DomainTools® App for IBM QRadar gives analysts fast, in-context access to key information about domains, IP addresses, and SSL hashes that appear in events within Offenses. 

Triage events and gain situational awareness around adversary infrastructure, and launch DomainTools Iris Invesstigate™ for deeper investigations. Pinpoint high-risk or recently-registered domains that may represent threats.

Infrastructure Intelligence Within QRadar

  • Domain Details at a Glance

    When domains appear within an Offense in QRadar, the DomainTools app provides information that analysts rely on, including:

    • Predictive Domain Risk Scores
    • Registration details from Whois and DNS SOA records
    • IP address, name server, and MX records
    • SSL/TLS certificate hashes

    Need to go deeper? Launch an investigation in DomainTools Iris.

    Download From IBM APP Exchange

    If you are a current DomainTools customer, please contact your Account Manager before downloading the DomainTools QRadar App. We want to ensure that you have the proper inputs to make the application work to your advantage.

  • Details on Potentially Risky Infrastructure

    IP addresses within Offenses have on-demand enrichment available, including:

    • Ability to pivot on the IP, seeing what domains are associated with it
    • Ability to launch an investigation of the IP in DomainTools Iris

  • Pivot Investigations on SSL/TLS Hashes

    Increasingly, analysts and threat hunters are relying on SSL/TLS hashes to uncover insights on adversary assets. SSL/TLS hashes within Offenses have on-demand enrichment available, including the ability to:

    • Pivot on the hash, seeing what domains are associated with it
    • Launch an investigation of domains connected to the certificate in DomainTools Iris

Support and Learning

About IBM QRadar

IBM QRadar® is a Security Information and Event Management (SIEM) that helps security teams accurately detect and prioritize threats across the enterprise, and provides intelligent insights that enable teams to respond quickly to reduce the impact of incidents.

Learn More

The post IBM QRadar appeared first on DomainTools | Start Here. Know Now..

]]> Microsoft Sentinel https://www.domaintools.com/integrations/microsoft-sentinel/ Tue, 01 Nov 2022 09:00:00 +0000 https://www.domaintools.com/?post_type=integration&p=15628 Enrichment, Hunting, and Alerting When you add world-class passive DNS and domain registration data to one of the leading SIEM platforms, a lot of powerful incident response (IR) and hunting use cases are unlocked. The DomainTools® App for Microsoft Sentinel allows customers to rapidly enrich domains with Domain Risk Score, domain age, Whois, IPs, active […]

The post Microsoft Sentinel appeared first on DomainTools | Start Here. Know Now..

]]> Enrichment, Hunting, and Alerting

When you add world-class passive DNS and domain registration data to one of the leading SIEM platforms, a lot of powerful incident response (IR) and hunting use cases are unlocked. The DomainTools® App for Microsoft Sentinel allows customers to rapidly enrich domains with Domain Risk Score, domain age, Whois, IPs, active and passive DNS provided by Farsight’s DNSDB, and other connected infrastructure data to surface evidence of malicious activity. 

Precisely Target Alerts and Hunt Threats Across Your Enterprise

  • Iris Enrichment Playbooks

    Enable alerting or quick-look analysis of domain- or IP-related events

    Enrich up to 6,000 domains/minute with DomainTools intelligence using bulk lookups against the Iris Enrich interface

  • Iris Investigative Playbooks

    Explore connected infrastructure to assess risk, find hidden threats, and enable detections

    The Iris Investigate playbooks present Risk Score, Whois, SSL, and hosting infrastructure, along with highlighted guided pivots and connected-domain counts on pivotable fields

  • Farsight DNSDB Playbooks

    Perform lookups of DNS infrastructure against Domain and IP indicators

    The integration with Farsight’s DNSDB includes several actions and 4 reference playbooks to allow you to leverage Farsight passive DNS data in your investigations

Support and Learning

  • Webinar

    Good Chemistry: The Integration Between DomainTools and Microsoft Sentinel

    Learn More
  • Blog

    The Perfect Pair: Integrating DomainTools Data Sets in Microsoft’s Sentinel SIEM Product

    Learn More

About Microsoft Sentinel

Microsoft Sentinel is a scalable, cloud-native solution that provides:

  • Security information and event management (SIEM)
  • Security orchestration, automation, and response (SOAR)

Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise. With Microsoft Sentinel, you get a single solution for attack detection, threat visibility, proactive hunting, and threat response.

Learn More

The post Microsoft Sentinel appeared first on DomainTools | Start Here. Know Now..

]]>