SpyCloud Investigations App for Splunk enables users to explore criminal activity through the lens of recaptured data and provides access to SpyCloud’s repository of billions of recaptured darknet assets from within your Splunk environment to assist with cybercrime and fraud investigations. 

The SpyCloud Investigations App enables Splunk users to uncover the the true identities of specific criminals, profile criminal targets, determine the origin of data used in credential stuffing attacks and identify the exposure of public applications to botnet credential stealers, research criminal campaigns (including the breadth and nature of malicious campaigns), and understand user risk from reused credentials to malware infections. The app includes a GUI for ad-hoc searching and downloading of data. Additionally, two custom search commands are included that allow a customer to use SpyCloud’s dataset from within Splunk queries.