Overview

Splunk® and Farsight Security® Inc. have partnered together to allow access to Farsight’s Passive DNS data from within the Splunk platform. Splunk is a popular SIEM platform for organizing, searching, monitoring, analyzing, and visualizing machine gathered data in a web interface. Farsight has co-developed two Apps for the Splunk platform; the Farsight DNSDB℠ App for Splunk and the Farsight Sentry Manager App for Splunk. These Apps give Splunk Enterprise customers the ability to use Farsight’s DNSDB and Security Information Exchange (SIE) as additional resources with their current Splunk workflows and analytics.

Technical Description

With the Farsight DNSDB App, users can learn the history and associated infrastructure of a suspicious domain name or IP to gain critical contextual information for their existing event data. Users can add this capability to an existing workflow to generate queries automatically and populate contextual information for all domains and addresses that were the target of DNS requests made by hosts in their infrastructure.

With the Farsight Sentry Manager App users can create Splunk events for patterns matched within Farsight’s SIE channels. When added to Splunk, this allows users to map out and investigate new threats to their network in real-time.

Both the Farsight DNSDB App and Farsight Sentry Manager App for Splunk allow for better visibility in the detection, identification, and analysis of new and exist threats to the user’s network.

Hardware and Software Requirements

The Farsight Splunk Apps are web based applications that can be accessed via any browser supported by Splunk Enterprise.

The Farsight Splunk Apps have no specific hardware and software requirements, as they are run within a Splunk Enterprise environment. All of the Splunk Enterprise system requirements apply.

Farsight DNSDB for Splunk

Use of the Farsight DNSDB for Splunk App requires access to Splunk Enterprise and a Farsight DNSDB API key. A 30-day trial for DNSDB API is available upon request. To request a trial or learn more about the Farsight subscription services please contact Farsight Security.

Farsight Sentry Manager for Splunk

Use of the Farsight Sentry Manager for Splunk app requires access to Splunk Enterprise and a Farsight Brand Sentry or Farsight Domain Sentry API key. To request a trial for Farsight Brand Sentry or Farsight Domain Sentry or to learn more about the Farsight subscription services please contact Farsight Security.

Additional Information

About Farsight Security

Farsight Security, Inc. is the world’s largest provider of historical and real-time DNS intelligence solutions. We enable security teams to qualify, enrich and correlate all sources of threat data and ultimately save time when it is most critical - during an attack or investigation. Our solutions provide enterprise, government and security industry personnel and platforms with unmatched global visibility, context and response. Farsight Security is headquartered in San Mateo, California, USA. Learn more about how we can empower your threat platform and security team with Farsight Security passive DNS solutions at www.farsightsecurity.com or follow us on Twitter: @FarsightSecInc.