SecurityTrails strives to make the biggest treasure-trove of cyber intelligence data readily available in an instant. We work relentlessly to empower experts so they can thwart future attacks with up-to-date data, proprietary tools, and custom solutions.
This Add-On provides a method to use Splunk Adaptive Response to automate lookup of a Domain or IP against SecurityTrails API located here. Currently we support the following API calls.
- Get Domain Information
- List Subdomains
- List Tags
- WHOIS
- Historical DNS
- Historical WHOIS
- Domain Searcher (Searching Domains)
- IP Range Checker
This Add-On requires access to the SecurityTrails API located here and the Splunk Common Information Model App located here
- Either git clone this directory 'git clone https://github.com/secops4thewin/TA-securitytrails.git' or download the spl file located here.
- Install the add-on to the indexer and search head in your Splunk environment
- On the Search Head open the add on by going to http://yoursplunkserver:8000/en-GB/app/TA-securitytrails/configuration
- Enable a proxy if it is required
- Click Add-on Settings and enter the API Key and the Index.
- Click Save
- If you have proxy rules please allow https://api.securitytrails.com from your Search Head
- Create a search that produces a result such as a domain name and pass the results using the Splunk tokens such as
$result.dest$
1.0.0 Initial release with API functionality