RiskIQ for Splunk

Illuminate Your Attack Surface

RiskIQ Digital Footprint for Splunk enables security teams to take control of their attack surface, reducing their risk and creating a better defense. The RiskIQ Digital Footprint App for Splunk will automatically ingest your external asset inventory including asset metadata. Use this data to build reports, trigger alerts or aid in the identification of vulnerabilities or exposures against your assets.

• Access and continuously synchronize your attack surface inventory directly within Splunk.
• Leverage pre-built dashboards and reports or customize your own in order to glean insights into your attack surface.
• Rapidly search across your asset inventory including metadata to surface vulnerable or out-of-compliant infrastructure.

• Automate your workflow using Splunk alerts triggered off changes in your attack surface.
• Correlate local log data with your externally facing asset inventory to identify vulnerabilities, exposures or potential compromises.

Digital Footprint Application Support Guide

RiskIQ is happy to provide support for our Splunk applications. If you have questions, feedback or run into issues, please contact us using support@riskiq.com. Alternatively, existing enterprise clients can reach out directly to their support representative. Please do not contact Splunk support for issues related to the RiskIQ applications.

Accelerate Investigations, Eliminate Threats

RiskIQ PassiveTotal App for Splunk enables security teams to accelerate their investigations, eliminate threats and better protect their enterprise. The PassiveTotal App for Splunk allows you to aggregate, correlate and enrich Splunk data with RiskIQ’s Internet Intelligence Graph, providing unparalleled context and intelligence to detect, investigate and remediate IoC’s and security events.

• Perform live investigations on infrastructure directly within Splunk including performing pivots and local event search.
• Collaborate with peers regardless of their location or interface by following the TeamStream.

• Upload indicators of compromise for one-time or scheduled bulk enrichment and save directly within local Splunk indexes.
• Access PassiveTotal functionality anywhere throughout Splunk with custom enrichment commands.
• Maintain a local index source of enrichment data from investigations for future triage or evidence preservation.

PassiveTotal Application Support Guide

RiskIQ is happy to provide support for our Splunk applications. If you have questions, feedback or run into issues, please contact us using support@riskiq.com. Alternatively, existing enterprise clients can reach out directly to their support representative. Please do not contact Splunk support for issues related to the RiskIQ applications.

Internet as Enrichment

RiskIQ Security Intelligence Services for Splunk enables security teams to rapidly scale and automate their threat detection programs. The Security Intelligence Services Add-on will automatically ingest and store RIskIQ Intelligence directly within Splunk, so that it can be applied against local log information.

• Cross-reference local logs with newly registered infrastructure to identify suspicious activity.
• Identify and automate searching for trends in new, suspicious and malicious infrastructure at scale.

• Generate high-fidelity security incidents based on blacklist, phish and scam data.

Security Intelligence Services Add-on Support Guide

RiskIQ is happy to provide support for our Splunk applications. If you have questions, feedback or run into issues, please contact us using support@riskiq.com. Alternatively, existing enterprise clients can reach out directly to their support representative. Please do not contact Splunk support for issues related to the RiskIQ applications.