This app has been tested on a 6.2.2 version of Splunk® installed on a 64 bits Windows
7 Professional and a Debian 7.
This dashboard shows you an overview based on the current data in the local Data Base
providing geolocation information as well as the current top 10 affected ASN’s and Domains
giving you the last trends in Cybercrime.
By default once you open the Threat Overview page, data from the last month is shown on
the dashboard. However, you can set up your custom date range using the date picker
This feed provide multiple lookup tables like malicious ips, urls, domains, etc.
This tap shows the current state of the Bot Ips feed. It provides information about the last inserted infected ips, as well as trends like most infected operating systems or the top 10 portal domains that bots are reporting data to a C&C.
This feed provide multiple lookup tables like infected ips, operating systems, C&Cs, etc.
Attacking IPs dashboard shows the current state of your Splunk attacking IPs lookup tables. This feed allows you to monitor current threats in real-time and includes geolocation information about the attack, accurate timestamp data and attack categorization. Note this feature is only available to commercial users.
The malware dashboard shows the current state of your Splunk malware hashed lookup tables. This provides a list of most recently analyzed malware samples where you can search for the file hash. This data is rated with confidence levels from LOW to HIGH and search queries can be filtered using this criteria. Note this feature is only available to commercial users.
In this last tap, hacktivism trends are previewed. The top plot is a HeatMap that shows the
countries where a high level of hacktivism has been detected. The bottom plot gives
information about the TOP 6 hacktivism hashtags over the last month.
On this view a threat analyst can create custom searches with multiple IOC inputs such as IP,
Domain, as well as a filtering by a date range.
Clicking on a result will open a new page and you will be able to adapt your search using
Splunk's search engine to create a new custom dashboard or alerts.
If you are interested in getting full access to our Threat Intelligence feed, contact us at
email@example.com to get your API credentials that will allow you to update Splunk App for
Blueliv’s local Data Base with current and real-time Threat Intelligence updates.
Once you have got your API open Configuration tab and set your api-key and access type (FREE/COMMERCIAL).
Fix hacktivism map
Added integrations with Attacking IPs and Malware Hashes
Add headers to the requests
App icon updated
- Use KV Store to store crimeservers collection anf botips collection
- Add botips lookup table
- Add crimeservers/malicious urls lookup table
- Add dashboard to show botips feed data
Splunk AppInspect evaluates Splunk apps against a set of Splunk-defined criteria to assess the validity and security of an app package and components.
As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 50GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps and add-ons from Splunk, our partners and our community. Find an app or add-on for most any data source and user need, or simply create your own with help from our developer portal.