DomainTools App for Splunk and Splunk ES

Splunk AppInspect Passed
The DomainTools solution for Splunk provides direct access within Splunk to DomainTools' industry-leading threat intelligence data on domain names, the individuals who control them, and the infrastructure that supports them.

Customers who deploy the app in Splunk benefit from:
+ Increased visibility to events associated with risky domain names
+ Precisely targeted threat hunting activities
+ Rich domain data pre-populated in Splunk lookups and indexes
+ Proactive Monitoring of malicious domains leveraging PhishEye API
+ Leverage Tagged Domains from DNS Investigations from DomainTools Iris platform
+ Surface Notable Events in Splunk ES with DomainTools Risk Score

The DomainTools App for Splunk is powered by the DomainTools Risk Score, a proprietary scoring algorithm that finds malicious domain names before they can be weaponized. The technology is based on machine learning algorithms applied to DomainTools' unparalleled coverage of domain name features and infrastructure characteristics.

The app also includes a Threat Hunting Dashboard that gives quick situational awareness of the risk presented by domain names on your network and helps guide teams to effectively leverage DomainTools data in their SOC workflows.

Download the DomainTools App for Splunk 3.4 User Guide.

We hope to release major enhancements in an upcoming release. Please email your feedback to splunk@domaintools.com

  • The current version of DomainTools App vetted for Splunk Cloud is 3.4.2. If recent releases of our App do not show support for Splunk Cloud, you can request cloud vetting to be performed on the app by creating a support ticket with Splunk Support and Services. Once the app passes cloud vetting, it can be installed on your Splunk Cloud instance. As a Splunk customer, only you can request cloud vetting for our apps.

Release Notes for version 3.4.2

  • 3.4.x continues to remain in Beta since its launch at .conf19. Please email your feedback to splunk@domaintools.com for any issues with this version.

This release is a patch to 3.4 and addresses some of the issues discovered since the 3.4 release. We also applied Splunk's recommendations to make 3.4 Splunk Cloud compatible.

Following are some of the key changes introduced in this patch release:
- Implement Splunk best practices for Splunk Cloud compatibility
- Append macro definition for 'Dangerous Domain' in DomainTools Threat Investigation dashboard
- Replace Scripted Inputs with Saved Searches for Cloud compatibility
- Decommissioned Brand Monitor functionality from the App (replaced by DomainTools PhishEye)

If you are using the 3.4 version, an upgrade to 3.4.2 is highly recommended.

Release Notes for DomainTools App for Splunk 3.4

3.4 is the latest release for DomainTools users leveraging Splunk and Splunk ES.

There are multiple key features introduced in this release of the App:

  • Tag Management using DomainTools Iris Tags
  • Domain Monitoring inside Splunk
  • Enterprise Security Capabilities and Enterprise Security Dashboards
  • Enrichment Explorer for Domain Enrichment data

In addition to the above new features, existing capabilities from previous versions of the app have also been retained. Notable mentions are:

  • Threat Management Dashboard
  • Adhoc Domain Profile Lookup inside Splunk

Lastly, the app improves upon its previous versions by optimizing API performance through the latest DomainTools Iris Enrich API. We also addressed numerous bugs and issues reported by our customers.

Release Notes for version 3.3.392

3.3.392 was released to address issues in Splunk Cloud environments with respect to the limited search head functionality in prior versions. The hotfix addresses the following changes:

  1. Enables domain profile in Splunk Cloud environment
  2. Disables top 1 million sites download & filter

The 3.3.39 version of DomainTools TA for Splunk contains performance enhancements that will benefit new users of the app.

Existing users of the DomainTools TA may also benefit from these fixes, especially if they are experiencing specific problems addressed in this build. However, we encourage users who are upgrading to first contact us to understand the changes and anticipate the impact on an existing deployment.

  1. New default domain name search optimized for performance, using the CIM and data model acceleration (DMA). Customers who are not yet using the CIM and DMA will need to customize the search for their environment. More details are available in the DomainTools TA Deployment Guide.
  2. Renamed "base_search" macro to "dt_base_search" to avoid naming collisions. Existing customers who use the base_search macro in their own custom searches will need to change their searches to use the new macro.
  3. Used more descriptive names for the scheduled searches to more clearly communicate their function, and ensured that only the necessary jobs were enabled.
  4. Performed code cleanup and minor refactoring to ensure compliance with the latest Splunk AppInspect guidelines.
  5. Adjusted permissions on multiple objects to allow non-admin users to utilize more functionality in the app.
  6. Populating the Whois index is now optional, as the job is not enabled by default. We recommend enabling the "DomainTools Enterprise - Whois Index Populator" or "DomainTools Iris - Whois Index Populator" search to enable historical searches for malicious domain names beyond the cache period of the lookups (by default, 30 days). Consult the DomainTools TA Deployment Guide for more details.

Release Notes

Version 3.4.2
Oct. 31, 2019

Check *Details Page* for additional information.

3.4.x is the latest release and currently in Beta.

# Release Notes for version 3.4.2
This release is a patch to 3.4 and addresses some of the issues discovered since the 3.4 release. We also applied Splunk's recommendations to make 3.4 Splunk Cloud compatible.

Following are some of the key changes introduced in this patch release:
- Implement Splunk best practices for Splunk Cloud compatibility
- Append macro definition for 'Dangerous Domain' in DomainTools Threat Investigation dashboard
- Replace Scripted Inputs with Saved Searches for Cloud compatibility
- Fix for missing tag field
- Decommissioned Brand Monitor functionality from the App (replaced by DomainTools PhishEye)

If you are using the 3.4 version, an upgrade to 3.4.2 is highly recommended.

Version 3.3.392
Sept. 6, 2019

This is a Splunk Cloud-only hotfix released for issues around limited search head functionality. This version should not be used for other environments. The hotfix addresses the following:

1. Enables domain profile in Splunk Cloud environment
2. Disables top 1 million sites download & filter
