Latest Version 1.0.2
January 26, 2022
Welcome to the new Splunkbase! To return to the old Splunkbase, .
This app is archived.
Spamhaus Datasets for Splunk
Spamhaus Datasets for Splunk provide a custom search command enabling you to easily query IPs and host names within your Splunk data, to see if they're known to be connected with abused internet resources, as observed by Spamhaus.
Built by
Compatibility
Not Available
Platform Version: 9.4, 9.3, 9.2, 9.1, 9.0, 8.2, 8.1
Rating
0
(0)
Log in to rate this app
Support
Not Supported
Spamhaus Datasets for Splunk provide a custom search command enabling you to easily query IPs and host names within your Splunk data, to see if they're known to be connected with abused internet resources, as observed by Spamhaus.
There are multiple use cases including (a) the ability to detect if suspicious log entries in your systems are being caused by IPs known to be part of a botnet or (b) investigating if unexplained HTTP traffic is trying to reach an IP/hostname known to be controlling botnets.
To utilize this data customers must be subscribed to the Spamhaus Data Query Service (DQS). This service is FREE for low-volume users, simply complete the sign-up form at: https://www.spamhaustech.com/free-trial/sign-up-for-a-free-data-query-service-account/
Categories
Created By
Spamhaus Technology
Type
addon
Downloads
491
Licensing
Splunk Answers
Resources
Log in to report this app listing