DomainTools Announces Enhanced App for Splunk to Reduce Cyber Threat Detection and Response Time


DomainTools, the leader in domain name and DNS-based cyber threat intelligence, today announced the general availability release of the 4.1 version of its app for Splunk, provider of the Data-to-Everything® Platform. With several key feature enhancements, including support for early adopters of Splunk 8.0 (and Python 3), users will see improved capabilities, performance, and user experience.

The DomainTools App for Splunk provides direct access within Splunk to industry-leading threat intelligence data on domain names, the individuals who control them, and the infrastructure that supports them. The app is available for download on Splunkbase.

Customers who deploy the app in Splunk will benefit from:

  • Capability to integrate threat investigation and incident response workflows in Splunk
  • Mass enrichment of domain observables with DomainTools intelligence
  • Proactive monitoring of malicious domains within Splunk

  • Discovery of new domain IOCs related to network observables from within Splunk

“With attackers taking advantage of the pandemic and attack surfaces increasing with the shift to remote work, security teams are facing new challenges around putting security events in context to actively defend their organizations. The DomainTools App for Splunk allows customers to enrich and monitor malicious domains at scale without leaving the Splunk interface,” said Jackie Abrams, VP of Product, DomainTools.

The DomainTools App for Splunk is powered by the DomainTools Risk Score, a proprietary scoring algorithm that finds malicious domain names before they can be weaponized. The technology is based on machine learning algorithms applied to DomainTools’ unparalleled coverage of domain name features and infrastructure characteristics.