HYAS Protect for Splunk SOAR

HYAS Protect for Splunk SOAR HYAS Protect for Splunk SOAR integrates real-time DNS-layer intelligence directly into your SOAR playbooks. This integration allows security teams to enrich investigations with HYAS Protect verdicts for domains, IP addresses, fully qualified domain names (FQDNs), and nameservers. With HYAS Protect for Splunk SOAR, security operations can: - Retrieve real-time verdicts on domains, IPs, FQDNs, and nameservers. - Incorporate HYAS Protect’s DNS-layer intelligence into incident investigations and playbooks. - Leverage Protect verdicts to support incident triage, prioritization, and contextual enrichment. - Build automated playbooks that integrate HYAS Protect verdicts into existing detection and response workflows. By combining Splunk SOAR automation with HYAS Protect’s infrastructure-based threat intelligence, security teams can accelerate investigations and improve incident response decision-making with high-fidelity DNS intelligence. Key Features - Verdict lookups for domains, IP addresses, FQDNs, and nameservers - Real-time DNS-layer enrichment inside Splunk SOAR playbooks - Seamless integration with Splunk SOAR 6.x and higher - API Key-based authentication

Supported Actions

• test connectivity: Validate the asset configuration for connectivity using supplied configuration
• ip verdict: Perform this action to get the Hyas Verdict for IP
• domain verdict: Perform this action to get the Hyas Verdict for Domain
• fqdn verdict: Perform this action to get the Hyas Verdict for FQDN
• nameserver verdict: Perform this action to get the Hyas Verdict for Nameserver
• block dns: Perform this action to add domain to deny list