Digital Shadows New Integration for Splunk

Michael Marriott
December 10, 2018 | 3 Min Read

Today we announced the release of an updated version of our Splunk App, which is now certified for both Splunk Enterprise and Splunk Cloud. Digital Shadows customers will now be able to use their existing Splunk services alongside Digital Shadows SearchLight™ within the same platform, for no extra cost.

Here’s a sneak preview of all the functionality we’ve added.

SearchLight continually monitors the open, deep and dark web for risks to your business. The Digital Shadows app imports these alerts and displays them in a custom dashboard within Splunk. With this visibility, you are notified every time:

  • A spoof domain is registered
  • Corporate credentials are exposed
  • Sensitive data is exposed online
  • Flaws are identified in your infrastructure
  • Key members of staff are impersonated online

This will dramatically streamline incident processing as security professionals can now correlate alerts, ingest the latest threat intelligence, and gain real-time context from the open, deep, and dark web.

Correlate Alerts

All SearchLight alerts, including spoof domains, expired certificates, and compromised credentials, are immediately pulled into the Splunk platform and visualized in a dashboard to provide an overview of your digital risk. With Splunk Enterprise, you can combine this insight with suspicious internal activity in order to identify the severity and urgency of an event. Combined, these will give you a more comprehensive picture of your risk.

Furthermore, this new integration provides additional workflow assistance, as Adaptive Response Actions can be used to edit the status within the SearchLight portal from “unread” to “read” or “closed”.

Ingest Latest Threat Intelligence

Customers of Splunk and Digital Shadows are able to ingest the latest threat intelligence, allowing security teams to monitor their networks for malicious indicators.

The latest intelligence on threat actors, campaigns, and malware is ingested into the Splunk platform, providing you with the associated Indicators of Compromise (IOCs) and Tactics, Techniques and Procedures (TTPs) to align your defenses.

Gain Real-Time Context

One of the most exciting additions to the integration is a feature that allows users to pivot off any record within Splunk into Shadow Search. This enables users to enrich intelligence with real-time context from the open, deep and dark web. Simply click on an IP, domain or IOC to pivot into the SearchLight platform and search across the following sources:

  • Dark web pages and marketplaces
  • Criminal forums
  • Paste sites
  • Blog and news sites
  • IRC and Telegram Chat Channels
  • Technical forums
  • DNS lookup
  • WHOIS data
  • Indicator Feeds
  • Curated intelligence from Digital Shadows

Download the Latest App

It’s quick and easy to set up your Splunk instance and get all of these new features. To start receiving alerts into your Splunk solution:

For more information, check out our Splunk datasheet.

 
