RiskIQ for Splunk

Providing Security Teams with Full Attack Surface Visibility

External Intelligence, Applied Internally

RiskIQ for Splunk provides security teams with the most comprehensive attack surface management solution on the market. Whether it’s finding unknown digital assets exposed on the Internet or investigating threats, RiskIQ has a native Splunk solution to aid your efforts. All applications and add-ons are available within Splunkbase and can be installed for free.

RiskIQ Offerings

Digital Footprint for Splunk

Sync your externally-facing asset inventory and corresponding events directly into Splunk in order to report on trends, visualize data within dashboards and complete your attack surface visibility.

PassiveTotal for Splunk

Aggregate, correlate and enrich Splunk data with RiskIQ’s Internet Intelligence Graph, providing unparalleled context and intelligence to detect, investigate and remediate IoCs and security events.

Security Intelligence Services for Splunk

Stay several steps ahead of the threat with RiskIQ Attack Analytics data in order to detect, correlate or investigate suspicious activity across your local log data.

RiskIQ Digital Footprint for Splunk

Reducing Vulnerabilities and Exposures Through Visibility

Illuminate Your Attack Surface

RiskIQ Digital Footprint for Splunk enables security teams to take control of their attack surface, reducing their risk and creating a better defense. The RiskIQ Digital Footprint App for Splunk will automatically ingest your external asset inventory including asset metadata. Use this data to build reports, trigger alerts or aid in the identification of vulnerabilities or exposures against your assets.

  • Access and continuously synchronize your attack surface inventory directly within Splunk.
  • Leverage pre-built dashboards and reports or customize your own in order to glean insights into your attack surface.
  • Rapidly search across your asset inventory, including metadata, to surface vulnerable or non-compliant infrastructure.
  • Automate your workflow using Splunk alerts triggered off changes in your attack surface.
  • Correlate local log data with your externally facing asset inventory to identify vulnerabilities, exposures or potential compromises.

Digital Footprint Application Support Guide

RiskIQ is happy to provide support for our Splunk applications. If you have questions, feedback or run into issues, please contact us using support@riskiq.com. Alternatively, existing enterprise clients can reach out directly to their support representative. Please do not contact Splunk support for issues related to the RiskIQ applications.

RiskIQ PassiveTotal for Splunk

Enhancing your Security Operations with Petabytes of Internet Intelligence

Accelerate Investigations, Eliminate Threats

RiskIQ PassiveTotal App for Splunk enables security teams to accelerate their investigations, eliminate threats and better protect their enterprise. The PassiveTotal App for Splunk allows you to aggregate, correlate and enrich Splunk data with RiskIQ’s Internet Intelligence Graph, providing unparalleled context and intelligence to detect, investigate and remediate IoCs and security events.

  • Perform live investigations on infrastructure directly within Splunk including performing pivots and local event search.
  • Collaborate with peers regardless of their location or interface by following the TeamStream.
  • Upload indicators of compromise for one-time or scheduled bulk enrichment and save directly within local Splunk indexes.
  • Access PassiveTotal functionality anywhere throughout Splunk with custom enrichment commands.
  • Maintain a local index source of enrichment data from investigations for future triage or evidence preservation.

PassiveTotal Application Support Guide

RiskIQ is happy to provide support for our Splunk applications. If you have questions, feedback or run into issues, please contact us using support@riskiq.com. Alternatively, existing enterprise clients can reach out directly to their support representative. Please do not contact Splunk support for issues related to the RiskIQ applications.

RiskIQ Security Intelligence Services for Splunk

Applied Internet-scale Context, Delivered Locally

Internet as Enrichment

RiskIQ Security Intelligence Services for Splunk enables security teams to rapidly scale and automate their threat detection programs. The Security Intelligence Services Add-on will automatically ingest and store RiskIQ Intelligence directly within Splunk, so that it can be applied against local log information.

  • Cross-reference local logs with newly registered infrastructure to identify suspicious activity.
  • Identify and automate searching for trends in new, suspicious and malicious infrastructure at scale.
  • Generate high-fidelity security incidents based on blacklist, phish and scam data.

Security Intelligence Services Add-on Support Guide

RiskIQ is happy to provide support for our Splunk applications. If you have questions, feedback or run into issues, please contact us using support@riskiq.com. Alternatively, existing enterprise clients can reach out directly to their support representative. Please do not contact Splunk support for issues related to the RiskIQ applications.


Interested in Becoming a Partner?

RiskIQ and our technology partners enable our customers to maximize the value of their security infrastructure and staff and to better protect their enterprise. Together, we deliver precise detection, faster investigations, easier collaboration, automated remediation, blocking, and takedown.