Risk IQ: Splunk App Development for PassiveTotal

Crest built integrations of RiskIQ Passivetotal into Splunk and provided a consistent user experience to enable monitoring from a single source for security teams.


Home > Case Studies > Risk IQ: Splunk App Development for PassiveTotal

 

Executive Summary

Leverage the RiskIQ PassiveTotal to

identify threats and Seamlessly aggregate, correlate and enrich Splunk data with RiskIQ’s Internet Intelligence Graph. Upload indicators of all targeted indicators or bulk enrichment and save results directly within local Splunk indexes.

RiskIQ is the security domain company based in San Francisco, California. RiskIQ is the leader in digital attack surface management, providing the most comprehensive discovery, intelligence, and mitigation of threats associated with an organization’s digital presence. Visit https://www.riskiq.com for more details.

 

Business Challenge

Today, enterprise security teams require a full view of their digital attackers to get a better understanding of threats. The major need is to identify which internal ips are contacting to which domains outside of the firewall. All companies are in digital transformation like moving to the cloud, adopting SaaS applications, automating development operations, and switching to a serverless architecture—making monitoring and managing an enterprise’s digital attack surface increasingly difficult. The major challenge to every enterprise security team is the ability to timely detect, investigate, and respond to threats.

 

Customer Solution

RiskIQ PassiveTotal® App for Splunk seamlessly combines and enriches Splunk’s platform and RiskIQ to help the security teams how internal assets interact with external infrastructure so they can block or prevent attacks and know if they’ve been breached. We have integrated RiskIQ Passivetotal into Splunk by providing the same look and feel to avoid monitoring for security teams from two different screens. We are also helping customers for specific mentioned indicators that are matching into Splunk data or not by searching those indicators in the whole Splunk environment. We are also providing support to bulk upload indicators and details into Splunk and leveraging RiskIQ API to store and maintain a local index source of enrichment data from investigations for future triage.

 

Screenshots

RiskIQ Look and Feel Panel In Splunk

Matching Events Across Splunk Environment

Previous
Previous

Scale Cloud Infrastructure with Automation

Next
Next

Databricks: Splunk Integration for Security Use Cases