The Silent Push and Splunk integration includes a SIEM application that Splunk customers use to consume Silent Push threat intelligence within the Splunk environment.
From the Splunk application, users can measure logs against the following information types from Silent Push:
Indicators of Future Attack (IOFA): Used for early warnings of potential breaches and to correlate with existing logs.
PADNS Data: Used to access DNS records and enrich context with metrics like IP Diversity for threat hunting and analysis.
Reputation Data: Used to investigate the history and trustworthiness of indicators like ASNs, nameservers, and subnets.
Enrichment Data: Used to retrieve context for domains, IPv4, and IPv6, which helps identify and understand potential security threats.
Web Scan Data: Used to search historical IP scanning data, get current metadata, and take screenshots for incident response and investigations.
Correlation Results: Used to understand matched indicators within Splunk indices, which enhances security monitoring and incident response.
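As an added illustration of the correlation workflow this list describes (this is not code from the Silent Push app and does not call its API), the following Python sketch matches constructed log lines against a constructed indicator set. The indicator names, the risk scores, the key=value log format and the function names are all hypothetical; the point is the shape of a log-to-indicator correlation that a dashboard or alert would then consume.

```python
"""Toy log-to-indicator correlation, added illustration (not the Silent Push app)."""
import re
from collections import Counter

# Constructed indicator set standing in for an IOFA feed; the names, scores
# and field names are hypothetical, not Silent Push API output.
INDICATORS = {
    "bad-update.example": {"type": "domain", "risk_score": 92},
    "203.0.113.45": {"type": "ipv4", "risk_score": 78},
}

# Constructed log lines in key=value form, as a firewall or DNS log might emit.
SAMPLE_LOGS = [
    "src=10.0.0.5 dest=203.0.113.45 action=allowed",
    "query=bad-update.example rcode=NOERROR client=10.0.0.9",
    "query=intranet.example.internal rcode=NOERROR client=10.0.0.9",
    "src=10.0.0.7 dest=198.51.100.2 action=blocked",
]

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Domain-like tokens: one or more labels followed by an alphabetic TLD.
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)


def extract_candidates(line):
    """Return the IPv4 addresses and domain-like tokens found in one log line."""
    found = set(IPV4_RE.findall(line))
    found.update(m.lower() for m in DOMAIN_RE.findall(line))
    return found


def correlate(logs, indicators, min_risk=0):
    """Match each log line against the indicator set.

    Returns a list of hits; each hit records the line index, the matched
    indicator, its type and its risk score, so a dashboard panel or an alert
    rule can act on it. min_risk drops low-scoring indicators before alerting.
    """
    hits = []
    for idx, line in enumerate(logs):
        for token in sorted(extract_candidates(line)):
            meta = indicators.get(token)
            if meta and meta["risk_score"] >= min_risk:
                hits.append({"line": idx, "indicator": token, **meta})
    return hits


def summarize(hits):
    """Count hits per indicator, the shape a correlation-results panel would show."""
    return Counter(h["indicator"] for h in hits)


if __name__ == "__main__":
    all_hits = correlate(SAMPLE_LOGS, INDICATORS)
    for hit in all_hits:
        print(hit)
    print(summarize(all_hits))
```

In a real deployment the indicator set would come from the Silent Push feed and the log lines from Splunk indices; the threshold argument shows where the risk score from the enrichment data feeds into the decision of what to surface.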
Benefits
Customers gain the following benefits from our Splunk SIEM integration:
Direct Access to Silent Push Data: Splunk customers gain direct access to our threat intelligence datasets in Splunk.
Real-time Threat Detection: Customers can correlate their logs with our IOFAs to receive early warnings of potential breaches.
Improved Context for Indicators: Customers can access enriched context for domains, IPv4, and IPv6.
Automated Investigations: Our integration enables automated data enrichment for domains and IPs, which includes reputation scores and risk scores.
Enhanced Incident Response: Security logs are enhanced with risk scores and reputation scores, which facilitates quicker and more informed decisions to detect indicators before a breach.
Visualization Dashboards: Splunk customers use provided dashboards to visualize our threat intelligence data, which includes indicators, correlation results, and reputation details.
Requirements
To facilitate the Splunk SIEM integration, Silent Push users must have the following:
Silent Push Authenticated API Key: A valid API key from a Silent Push account.
Splunk Environment: A Splunk environment to install the application.
Splunk Enterprise Version: The Splunk app is compatible with versions 9.0.x, 9.1.x, 9.2.x, and 9.3.x.
Splunk Common Information Model (CIM): The CIM data models are required so that indicators can be matched against data model events.
For more information about the Splunk SIEM integration, such as how to install the application, go to Splunkbase.