SpyCloud is the market leader in protecting enterprises and their customers from online fraud, account takeover, and follow-on attacks like ransomware. We provide an early warning of compromised credentials and malware-infected users, so you can take action before the criminals do. 

This add-on provides integration into SpyCloud’s Enterprise API, allowing you to download breach alerts directly into Splunk so you can take action immediately. This add-on uses the customer’s configured SpyCloud watchlist (domain(s), email(s) and IP address(es)) when determining what data to download into Splunk. The add-on setup requires the user to specify the index to use when storing data and a valid SpyCloud Enterprise ATO Protection API Key. The add-on pulls data on a predefined daily schedule which can be adjusted by the user.

This data loaded by this add-on can be viewed using the SpyCloud Application for Splunk found here: https://splunkbase.splunk.com/app/6373/