We have a new DomainTools App supporting Splunk 8.x environments and built on the latest SDK. While we will continue to support this older version of the app, subsequent features will only be available in the new app. Please write to us at enterprisesupport@domaintools.com if you need assistance with the new app.
- DomainTools App for Splunk 3.5 User Guide
- DomainTools App for Splunk 3.4 User Guide
DomainTools App for Splunk 3.5 is the General Availability (GA) release for 3.4.x Beta versions of our app.
We expect 3.5 to be the final major release supporting Splunk 7.x environments.
DomainTools App for Splunk 3.5 REQUIRES access to one of the below API sets:
- Iris Package - Iris Enrich & PhishEye APIs (Complete App functionality)
- Risk Score API (Limited App functionality)
- Reputation Score API (Limited App functionality)
This release is a patch to 3.4.x and addresses some of the issues discovered since the 3.4 release.
The release addresses the following issues:
- Allow Non-Iris-API customers to perform ad-hoc lookups
- Brings in new tags from Iris for observed domains
- Resolves ES dashboard REST API error noticed on indexer clusters
- ES dashboard to display only DomainTools notable events
If you are using the 3.4 or 3.4.2 version, an upgrade to 3.4.3 is highly recommended. If you are in Splunk Cloud, please read the instructions above under "For Splunk Cloud Customers" to upgrade to this version.
This release is a patch to 3.4 and addresses some of the issues discovered since the 3.4 release. We also added Splunk recommendations to make 3.4 Splunk Cloud compatible.
The following are some of the key changes introduced in this patch release:
- Implement Splunk best practices for Splunk Cloud compatibility
- Append macro definition for 'Dangerous Domain' in DomainTools Threat Investigation dashboard
- Replace Scripted Inputs with Saved Searches for Cloud compatibility
- Decommissioned Brand Monitor functionality from the App (replaced by DomainTools PhishEye)
There are multiple key features introduced in this release of the App:
In addition to the above new features, existing capabilities from previous versions of the app have also been retained. Notable mentions are:
Lastly, the app improves upon its previous versions in optimizing API performance by leveraging the latest DomainTools Iris Enrich API. We also addressed numerous bugs and issues reported by our customers.
3.3.392 was released to address issues in Splunk Cloud environments with respect to limited search head functionality in prior versions. The hotfix addresses the following changes:
The 3.3.39 version of DomainTools TA for Splunk contains performance enhancements that will benefit new users of the app.
Existing users of the DomainTools TA may also benefit from these fixes, especially if they are experiencing specific problems addressed in this build. However, we encourage users who are upgrading to first contact us to understand the changes and anticipate the impact on an existing deployment.
DomainTools App for Splunk 3.5 is the General Availability (GA) release for 3.4.x Beta versions of our app. We expect 3.5 to be the final major release supporting Splunk 7.x environments.
3.5 Release Notes:
Fixed:
- Fixes memory leak issues with an unconfigured/dormant app
- Retrieves correct PhishEye API keys in environments with conflicting third-party apps
- Accurate domain count inside the Threat Map in the Threat Intelligence Dashboard
- Correctly counts the Total Events KPI in the Threat Intelligence dashboard
- Eliminates duplicate PhishEye API calls
Changes:
- Alexa 1M filtering has been deprecated. The capability has been removed from the App Settings page.
- Brand Monitor UI feature has been deprecated. Underlying code components have been removed from the app.
DomainTools App for Splunk 3.5 will continue to support the below APIs:
- Iris Enrich API
- PhishEye API
- Risk Score API **
- Reputation Score API **
** Limited functionality within the app, as in prior versions
Check "Details Page" for additional information.
3.4.3 is considered a Beta release
# Release Notes for version 3.4.3
This release is a patch to 3.4.x and addresses some of the issues discovered since the 3.4 release.
The release addresses the following issues:
- Allow Non-Iris-API customers to perform ad-hoc lookups
- Brings in new tags from Iris for observed domains
- Resolves ES dashboard REST API error noticed on indexer clusters
- ES dashboard to display only DomainTools notable events
If you are using the 3.4 or 3.4.2 version, an upgrade to 3.4.3 is highly recommended. If you are in Splunk Cloud, please read the instructions in the "Details Page" for requesting this version to be deployed in your Cloud instance.