As more activity moves into the digital world, threat actors are making their presence increasingly felt. In an increasingly threatening environment, it is very important to have data-based security resources. Security teams need a compatible platform that uses the necessary information to see threats coming from the external threat environment, to centralize intelligence sources, and to respond to attacks as quickly as possible. We are excited to announce our new integration for both Splunk Enterprise and Splunk Cloud, built to meet this industry need.
The SOCRadar Splunk Application is now available on Splunkbase. It lets you perform search, monitoring, analysis and other activities via a web interface and get the maximum benefit from SOCRadar feeds. With this new integration, you can create workflows, alerts and control panels that will allow you to make faster decisions.
Get the most from the SOCRadar® and Splunk integration
The integration of Splunk and SOCRadar empowers organizations to combine the strengths of their Splunk deployments to collect, monitor, analyze and visualize massive streams of machine data, with the visibility, detection, and threat intelligence capabilities of SOCRadar. It helps maximize the value of threat intelligence through analysis and enrichment.
Visualization in Splunk of the data obtained via SOCRadar API endpoints:
- View of alerts specific to attacks targeting your company
- Real-time information about external threats
- Fast-tracking of changes in your attack surface
- Instant detection of vulnerable assets
- Enriched threat feeds
- IOCs for current attacks
Visualize your alarms on Splunk
SOCRadar continuously monitors the surface web, deep web, and dark web to detect attacks targeting your changing attack surface and your business. Situations that pose a risk to your company are raised as alarms.
With the Splunk application, all alarms presented by SOCRadar are transferred to Splunk and presented in a dedicated dashboard. Some examples:
- New Domain Registration is detected that is possibly intended for phishing
- Possible Impersonating Twitter Account is discovered
- Vulnerability Updates That May be Related with Your Third-party Libraries
- Company-Related Credentials Is Offered For Sale on a Black Market
- Critical Port Detected
- IP Address Detected In a Reputation List
Ready to see our new integration in action?
It is quick and easy to install the SOCRadar application, which you can download for free through Splunkbase, and get all these new features. To start receiving alerts for your Splunk solution:
- Retrieve your API key from within the SOCRadar platform
- Download the SOCRadar app for Splunk from Splunkbase: https://splunkbase.splunk.com/app/5134/
- Start inserting data into the socradar_incidents index from the SOCRadar Incident API.
With SOCRadar® Community Edition, you’ll be able to:
- Spot malicious/typosquatted domains targeting your business
- Know if your employees’ credentials have been compromised in the latest data breach
- Discover your unknown hacker-exposed assets
- Check if your IP addresses are tagged as malicious
- Monitor your domain name on hacked websites and phishing databases
- Get notified when a critical zero-day vulnerability is disclosed