Splunk Cookie Policy

We use our own and third-party cookies to provide you with a great online experience. We also use these cookies to improve our products and services, support our marketing campaigns, and advertise to you on our website and other websites. Some cookies may continue to collect information after you have left our website. Learn more (including how to update your settings) here.
Accept Cookie Policy

Accept License Agreements

This app is provided by a third party and your right to use the app is in accordance with the license provided by that third-party licensor. Splunk is not responsible for any third-party apps and does not provide any warranty or support. If you have any questions, complaints or claims with respect to this app, please contact the licensor directly.

Thank You

Downloading Musubu IP Threat Data for Splunk
SHA256 checksum (musubu-ip-threat-data-for-splunk_130.tgz) 929c714a98f4bff63744abc0bea53b2e43f7309389377569e56957e432cf4e9e SHA256 checksum (musubu-ip-threat-data-for-splunk_120.tgz) 0207c69cdbb938a7e9a7f3366e830f66a39cd31ad6ca8a494c3b6ad333812099 SHA256 checksum (musubu-ip-threat-data-for-splunk_110.tgz) 0e2059d9513cda4cccf32bb683f2f0eb6c9223fd2ed67564bea7b84059d96112 SHA256 checksum (musubu-ip-threat-data-for-splunk_100.tgz) fd33cf14f384abe24674d87eb3228576174e71c7cb57a09a23281ec56806269c
To install your download
For instructions specific to your download, click the Details tab after closing this window.

Flag As Inappropriate

Musubu IP Threat Data for Splunk

Overview
Details
"NOTE: Request Free 7-Day Trial API Key via support@musubu.io"

Use Musubu’s unique IP & Network cyber threat scoring and profiling API right in your Splunk instance to determine the following for each IP:
- Cyber Threat Score: A 0-100 rating of how much of a cyber threat the IP may be based on the output of our analytics and algorithms.
- Cyber Threat Classification: High-Medium-Nuisance-Low rating of an IPs cyber threat potential for quick identification.
- Blacklist Class: The predominant cyber threat vector seen as associated with the IP address (e.g. Phishing, Ransomware, TOR, etc.).
- Blacklist Count: The number of major IP blacklisting services that have blacklisted the IP address.
- Blacklist Neighbors: The number of other IP addresses in the same subnet that have been blacklisted.
- Blacklist Count: The number of times in the last 90 days the IP address has been blacklisted.

Simply add one or more data sources to the Musubu Add-on and then you will be able to mouse over each IP address to see our threat profiling data. Use it to perform faster threat detection, threat identification, response, and mitigation.

Leverage the “showipthreatdata” custom command within the add-on to make direct calls to the Musubu API from the Splunk search view. See example below - Musubu results for the specified IP are returned in a Tableview.

Syntax: | showipthreatdata ipaddress

Musubu IP Threat Data for Splunk Overview

Use Musubu’s unique IP & Network cyber threat scoring and profiling API right in your Splunk instance to determine the following for each IP:
- Cyber Threat Score: A 0-100 rating of how much of a cyber threat the IP may be based on the output of our analytics and algorithms.
- Cyber Threat Classification: High-Medium-Nuisance-Low rating of an IPs cyber threat potential for quick identification.
- Blacklist Class: The predominant cyber threat vector seen as associated with the IP address (e.g. Phishing, Ransomware, TOR, etc.).
- Blacklist Count: The number of major IP blacklisting services that have blacklisted the IP address.
- Blacklist Neighbors: The number of other IP addresses in the same subnet that have been blacklisted.
- Blacklist Count: The number of times in the last 90 days the IP address has been blacklisted.

Musubu IP Threat Data Tooltip in Splunk

Simply add one or more data sources to the Musubu Add-on and then you will be able to mouse over each IP address to see our threat profiling data. Use it to perform faster threat detection, threat identification, response, and mitigation.

Custom Command => showipthreatdata

Leverage the “showipthreatdata” custom command within to add-on to make direct calls to the Musubu API from the Splunk search view. See example below - Musubu results for the specified IP are returned in a Tableview.

Syntax: | showipthreatdata ipaddress

To use the Musubu add-on, install from Splunkbase, then:
Purchase a Musubu API “Small Plan” or higher from https://musubu.io/api-pricing/
Once you receive your API Key, respond back to our support@musubu.io alias with your Splunk IP address for whitelisting.
Open the configuration for the Musubu Add-on and set the following configurations:
Step 1. Enter your Unique API Key as shown below and click “Save”
Step 2. Create and configure an input using a sample ipv4 address
Step 3. Verify the input is functional

Step 1. Enter API Key
Step 2. Create and configure an Input. Click “Add” to save the new input.
Step 3. Verify Musubu Input is functional by searching the applicable index.

Details

System requirements:

Splunk version 6.3 or greater
Windows, Linux or Mac OS operating system
Installation

App installation requires admin privileges.

Navigate to "Manage apps" and click "Install app from file"
Upload the app bundle

Troubleshooting

API Key is required
In order to use Musubu’s IP & network cyber threat profiling per IP address in Splunk, you must have a valid Musubu API “Small Plan” subscription or higher: https://musubu.io/api-pricing/

Error Codes

View Musubu for Splunk add-on logs at the following location:
SPLUNK_HOME/system/var/log

Logs files related to the add-on have the following syntax: ta-musubu-for-splunk-somecomponent.log

Errors pertaining to the Musubu custom command “| showipthreatdata ipaddress” will display verbosely in the web console.

Release Notes

Version 1.0.0
December 5, 2018
- Initial Release

BUILT BY
Musubu
CATEGORY & CONTENTS
Categories: Security, Fraud, and Compliance
App Type: App
App Contents: Alert Actions
COMPATIBILITY
Products: Splunk Cloud, Splunk Enterprise
Splunk Versions: 7.1, 7.0, 6.6, 6.5, 6.4, 6.3
Platform: Platform Independent

LICENSING

Musubu API License
SUPPORT
Musubu Supported at support@musubu.io

Release Notes

Version 1.3.0
Dec. 7, 2018

Added new icon set

Version 1.2.0
Dec. 7, 2018

- added new main page and tooltips page

Version 1.1.0
Dec. 7, 2018

Version 1.0.0
Dec. 6, 2018

Version 1.0.0
December 5, 2018
- Initial Release

BUILT BY
Musubu
CATEGORY & CONTENTS
Categories: Security, Fraud, and Compliance
App Type: App
App Contents: Alert Actions
COMPATIBILITY
Products: Splunk Cloud, Splunk Enterprise
Splunk Versions: 7.1, 7.0, 6.6, 6.5, 6.4, 6.3
Platform: Platform Independent
LICENSING
Musubu API License
SUPPORT
Musubu Supported at support@musubu.io

7
Installs
11
Downloads
Share Subscribe LOGIN TO DOWNLOAD

Subscribe Share

AppInspect Tooling

Splunk AppInspect evaluates Splunk apps against a set of Splunk-defined criteria to assess the validity and security of an app package and components.

Are you a developer?

As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 50GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps and add-ons from Splunk, our partners and our community. Find an app or add-on for most any data source and user need, or simply create your own with help from our developer portal.

Follow Us:
© 2005-2018 Splunk Inc. All rights reserved.
Splunk®, Splunk>®, Listen to Your Data®, The Engine for Machine Data®, Hunk®, Splunk Cloud™, Splunk Light™, SPL™ and Splunk MINT™ are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners.