The Silent Push Splunk SOAR connector integrates Silent Push's threat intelligence into Splunk SOAR, so that security orchestration, automation, and response (SOAR) workflows can use it directly. The connector acts as a bridge between Splunk SOAR and Silent Push, allowing analysts and playbooks to use actionable threat intelligence for proactive threat detection, analysis, and response.
Key features
The Silent Push Splunk SOAR connector provides access to the following data types:
Domain and IP Information: Includes risk scores, live WHOIS data, and certificate details to assess the security posture of domains and IPs.
Reputation Data: Provides insights into the trustworthiness of ASNs, nameservers, and subnets.
Enrichment Data: Offers comprehensive details for domains, IPv4, and IPv6 addresses, including DGA probability, Alexa rank, registration details, and security flags.
Passive DNS (PADNS) Data: Enables access to passive DNS records, enriched metrics like IP diversity, and support for forward/reverse PADNS lookups and density lookups.
Infratag Details: Delivers infrastructure tag information with optional clustering to analyze connections associated with domains.
Indicators of Future Attack (IOFA) Feeds: Supplies feeds for proactive threat detection and attack prevention.
URL Scanning: Supports live URL scans to retrieve metadata and capture screenshots for threat analysis.
Scan Data: Allows querying Silent Push's scan data repositories using SPQL syntax.
Benefits
The Silent Push Splunk SOAR integration delivers the following advantages:
Seamless Data Access: Directly integrates Silent Push's threat intelligence into Splunk SOAR workflows.
Automated Enrichment: Streamlines analysis by automatically enriching domains, IPs, and other indicators with risk scores and contextual data.
Enhanced Incident Response: Accelerates decision-making with enriched threat intelligence, enabling faster and more effective responses.
Live URL Scanning: Provides real-time URL metadata and screenshots to support threat investigations.
Proactive Threat Detection: Leverages IOFA feeds to identify and prevent potential attacks before they occur.
Vendor-Agnostic Architecture: Ensures compatibility with diverse security tools and workflows.
Requirements
To use the Splunk SOAR connector, you need:
Silent Push API Key: A valid API key from a Silent Push account is required to authenticate the connector.
Splunk SOAR Environment: Users need a Splunk SOAR environment to install the connector.
Splunk SOAR Version: The minimum product version supported is 6.2.0.
For more information about the Splunk SOAR integration, such as how to install the connector in your Splunk SOAR environment, see the connector's listing on Splunkbase.