Splunk application for ActiveTrust Cloud

Hello,

 

I have just published a Splunk application for ActiveTrust Cloud.

 

This application allows you to:
- get ActiveTrust Cloud logs into Splunk using the REST API introduced with ATC 2.0
- filter them efficiently, with full drill-down support based on the time, threat property, threat class, source IP, domain name, query type and much more
- get context from Infoblox Dossier threat intelligence.

 

ActiveTrust Cloud is mandatory.
Dossier is optional, for threat intelligence.

 

https://splunkbase.splunk.com/app/3850/

 


Any feedback welcome.

 

Regards

 

Nicolas
