SlashNext Automated Data Enrichment App is a carefully crafted feature-rich integration available to entire Splunk community of users. Built with Threat hunting and SoC teams in mind, this first version is-
1- Meant to provide Phishing-focused intelligence to identify compromised machines and users clicking on phishing links
2- Aimed at reducing attacker dwell time, risk of breaches and more costly IR efforts
3- Built for automation driven threat analysis and data enrichment enterprise initiatives
4- A great tool to quickly add context with real-time intelligence for improved analytics.
Powered by SlashNext SEER™ threat detection cloud and built using our on-demand Threat Intelligence (OTI) APIs, this app allows to request data including host reputation as well as real-time scan (in blocking mode, for instance) of IPs, Domains, and URLs.
SOC Analysts and IR teams can triage network logs data and analyze them with to get definitive, binary verdicts (malicious or benign) along with rich metadata – full screenshots, HTML and more. Deep integration also powers the Splunk Enrichment Dashboard for added visualization for threat analysis and hunting. This powerful capability not only saves time & cost, but can even prevent potential phishing attacks on organizations of all sizes.
Minor changes and bug fixes
First version of SlashNext App for Splunk
Splunk AppInspect evaluates Splunk apps against a set of Splunk-defined criteria to assess the validity and security of an app package and components.
As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps and add-ons from Splunk, our partners and our community. Find an app or add-on for most any data source and user need, or simply create your own with help from our developer portal.