Splunk SOAR Integration

  • Updated on Mar 3, 2025
  • Published on Jun 20, 2024
  • 1 minute(s) read
Prev Next

The Silent Push and Splunk integration includes a SOAR connector that Splunk SOAR customers use to utilize our threat intelligence in their own security workflows.

The Splunk SOAR connector is a central component that acts as a bridge between Splunk and Silent Push. Splunk SOAR customers use the connector to retrieve the following information types:

  • Domain information and IP Information: Includes risk scores, live WHOIS information, and certificate data that customers use to assess the security posture of domains and IPs.

  • Reputation Data: Includes ASN, nameserver, and subnet reputation, that helps users understand the trustworthiness of network infrastructure.

  • Enrichment Data: Includes comprehensive details for domains, IPv4 addresses, and IPv6 addresses, to enhance analysis and threat intelligence. Also includes DGA probability, Alexa rank, registration details, and security flags.

  • PADNS Data: Includes access to passive DNS data, record types, and enriched metrics like IP diversity for investigation and analysis. Also includes the ability to perform forward PADNS lookups, reverse PADNS lookups, and density lookups.

  • Infratag Details: Includes infratag information to understand infrastructure tags with optional clustering for a deeper analysis of the connections associated with a domain.

  • Indicators of Future Attack Feeds: Includes feeds of IOFAs for proactive threat detection and prevention of attacks.

  • URL Scanning: Includes live URL scans that retrieve metadata, and capture screenshots for threat analysis.

  • Scan Data: Includes information from Silent Push's scan data repositories using SPQL syntax.

Benefits

Customers gain the following benefits from our Splunk SOAR integration:

  • Access to Silent Push Data

  • Automated Enrichment

  • Enhanced Incident Response

  • Live URL Scanning

  • Future Attack Feed Integration

  • Vendor Agnostic Data Architecture

Requirements

To facilitate the Splunk SOAR integration, Silent Push users must have the following:

  • Silent Push Authenticated API Key: A valid API key from a Silent Push account is required to authenticate the connector.

  • Splunk SOAR Environment: Users need a Splunk SOAR environment to install the connector.

  • Splunk SOAR Version: The minimum product version supported is 6.2.0.

For more information about the Splunk SOAR integration, like how to install the integration in the Splunk app, go to Splunk Splunkbase.