Digital Shadows New Integration for Splunk
December 10, 2018
Today we announced the release of an updated version of our Splunk App, which is now certified for both Splunk Enterprise and Splunk Cloud. Digital Shadows customers will now be able to use their existing Splunk services alongside Digital Shadows SearchLight™ within the same platform, at no extra cost.
Here’s a sneak preview of all the functionality we’ve added.
SearchLight continually monitors the open, deep and dark web for risks to your business. The Digital Shadows app imports these alerts and displays them in a custom dashboard within Splunk. With this visibility, you are notified every time:
- A spoof domain is registered
- Corporate credentials are exposed
- Sensitive data is exposed online
- Flaws are identified in your infrastructure
- Key members of staff are impersonated online
This will dramatically streamline incident processing as security professionals can now correlate alerts, ingest the latest threat intelligence, and gain real-time context from the open, deep, and dark web.
All SearchLight alerts, including spoof domains, expired certificates or compromised credentials, are immediately pulled into the Splunk platform and visualized in a dashboard to provide an overview of your digital risk. With Splunk Enterprise, you can combine this insight with suspicious internal activity in order to identify the severity and urgency of an event. Combined, these will give you a more comprehensive picture of your risk.
Furthermore, this new integration provides additional workflow assistance, as Adaptive Response Actions can be used to edit the status within the SearchLight portal from “unread” to “read” or “closed”.
Ingest Latest Threat Intelligence
Customers of Splunk and Digital Shadows are able to ingest the latest threat intelligence, allowing security teams to monitor their networks for malicious indicators.
The latest intelligence on threat actors, campaigns, and malware is ingested into the Splunk platform, providing you with the associated Indicators of Compromise (IOCs) and Tactics, Techniques and Procedures (TTPs) to align your defenses.
Gain Real-Time Context
One of the most exciting additions to the integration is a feature that allows users to pivot off any record within Splunk into Shadow Search. This enables users to enrich intelligence with real-time context from the open, deep and dark web. Simply click on an IP, domain or IOC to pivot into the SearchLight platform and search across the following sources:
- Dark web pages and marketplaces
- Criminal forums
- Paste sites
- Blog and news sites
- IRC and Telegram Chat Channels
- Technical forums
- DNS lookup
- WHOIS data
- Indicator Feeds
- Curated intelligence from Digital Shadows
Download the Latest App
It’s quick and easy to set up your Splunk instance and get all of these new features. To start receiving alerts into your Splunk solution:
- Retrieve your API key from within your Digital Shadows portal
- Download the Splunk add-on from Splunkbase here: https://splunkbase.splunk.com/app/4247/.
- Benefit from the custom SearchLight dashboard by downloading the app here: https://splunkbase.splunk.com/app/4248.
For more information, check out our Splunk datasheet.