Risk IQ: Splunk App Development for PassiveTotal
Crest built integrations of RiskIQ PassiveTotal into Splunk and provided a consistent user experience to enable monitoring from a single source for security teams.
Executive Summary
Leverage RiskIQ PassiveTotal to identify threats and seamlessly aggregate, correlate and enrich Splunk data with RiskIQ’s Internet Intelligence Graph. Upload indicators for targeted or bulk enrichment and save results directly within local Splunk indexes.
Business Challenge
Today, enterprise security teams require a full view of their digital attackers to get a better understanding of threats. The major need is to identify which internal IPs are contacting which domains outside the firewall. Companies are undergoing digital transformation, such as moving to the cloud, adopting SaaS applications, automating development operations, and switching to a serverless architecture, which makes monitoring and managing an enterprise’s digital attack surface increasingly difficult. The major challenge for every enterprise security team is the ability to detect, investigate, and respond to threats in a timely manner.
Customer Solution
RiskIQ PassiveTotal® App for Splunk seamlessly combines and enriches Splunk’s platform and RiskIQ to help security teams understand how internal assets interact with external infrastructure so they can block or prevent attacks and know if they’ve been breached. We have integrated RiskIQ PassiveTotal into Splunk with the same look and feel, so security teams do not have to monitor from two different screens. We also help customers determine whether specific indicators match Splunk data by searching for those indicators across the whole Splunk environment. We also support bulk upload of indicators and details into Splunk and leverage the RiskIQ API to store and maintain a local index source of enrichment data from investigations for future triage.