Enrich your Splunk searches with DNS query results for any record type from any DNS server. For additional use cases, see our blog post on DNS-Based Threat Intelligence at https://www.deductiv.net/blog/dns-based-threat-intelligence/.

Commercial support is now available for all of our apps! Contact us for more details.

Lookups (Fields)

- dnslookup_a (hostname, ip, dns_error)
- dnslookup_mx (hostname, mx, dns_error)
- dnslookup_reverse (hostname, ip, dns_error)
- dnslookup_ptr (Same as _reverse but here for conventions)
- dnslookup_ns (hostname, ns, dns_error)
- dnslookup_aaaa (hostname, aaaa, dns_error)
- dnslookup_txt (hostname, txt, dns_error)
- dnslookup_cname (hostname, cname, dns_error)
- dnslookup_alias (hostname, alias, dns_error)
- dnslookup_soa (hostname, soa, dns_error)
- dnslookup_srv (hostname, srv, dns_error)

These are also available as dns_[resolver]_* lookups for Google (google), CloudFlare (cf), and OpenDNS (opendns). For example, dnslookup_google_a. See the README or Details tab for more information.

Customization

Users can customize the lookups to use their own DNS server or another request type. Use the examples in default/transforms.conf to create your own version.

If you find this free app useful, please give it a rating.