Check out mnemonic's apps on Splunkbase

MNEMONIC PASSIVE DNS FOR SPLUNK

Passive DNS records the historical relationship between IP addresses and domains. It is a common tool used during activities like incident response, threat hunting and mapping threat actor infrastructure.

mnemonic maintains one of the largest passive DNS databases globally and offers it as a free, open service.

Visit https://passivedns.mnemonic.no to test it yourself.

With this app you can:

  • Query mnemonic passive DNS directly from the Splunk search field  to  find  historical relationships between IP addresses and domains.
  • Annotate your searches with a live lookup from mnemonic’s passive DNS database.

 

ACT THREAT INTELLIGENCE FOR SPLUNK

Threat intelligence plays an important role in defending against modern threat actors. However existing platforms focus on collecting data rather than analysing it, lack flexibility to support collaboration, and are often closed solutions that make sharing intelligence a challenge.

Semi-automated Cyber Threat Intelligence (ACT) is a joint research effort that has delivered an open platform to enable the collection, analysis and sharing of threat intelligence.

With this app you can:

  • Utilse a workflow action that launches a pre-defined search within your ACT instance. Pre-defined searches can be customised. For example, perform a lookup for any threat intelligence reports that mention a specific IP address.
  • Annotate your searches with a live lookup of threat data within your ACT platform.

  • Query your ACT platform directly from the Splunk search field.

*Requires an installation of the ACT platform. Get it at https://github.com/mnemonic-no/act-platform or test with our demo installation

 

MNEMONIC’S ARGUS THREAT FEED FOR SPLUNK

Threat feeds enhance existing security solutions with live threat data, add valuable context to incident investigations and provide insight to new threats as they emerge. Focused on providing high quality, high confidence data, mnemonic’s Threat Feed is populated in near real-time from the threats we observe from our Security Operations Center, our global sensor network, incident response activities, collaborative threat research projects and our intelligence partners.

With this app you can:

  • Utilise a workflow action to enable reputation lookups directly from your search results.
  • Search domains against mnemonic’s extensive reputation lists.

*The Argus Threat Feed requires a valid subscription. Solutions that can import CSV or STIX data are also supported, such as Check
Point, Palo Alto Networks, Carbon Black, or Symantec/Blue Coat. Contact for more info.