<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic WHOIS Search in Splunk Search</title>
    <link>https://community.splunk.com/t5/Splunk-Search/WHOIS-Search/m-p/302359#M161874</link>
    <description>&lt;P&gt;I've looked at Splunkbase for "whois" apps and searched the community for whois-type scripts, but found none that meet my needs.  What I would like is to find an app/script very similar to the Linux whois command.  This gives me all the information I need.  I've tried the Network Tools app, but whois is a generating command so I can't use it in a search.  The generateblocklist_app &lt;A href="https://www.splunk.com/blog/2016/05/02/enriching-threat-feeds-with-whois-information-splunk.html"&gt;https://www.splunk.com/blog/2016/05/02/enriching-threat-feeds-with-whois-information-splunk.html&lt;/A&gt; doesn't provide enough information.  I can't create a commands.conf file and point to the bash whois command since it's not supported.  I don't want to use a limited free API or purchase an API.  Does anyone have ideas?  I'm needing to pass an IP instead of a domain name.  This will be very useful for creating a dashboard for threat hunting.  Thanks in advance!&lt;/P&gt;</description>
    <pubDate>Wed, 04 Apr 2018 01:54:12 GMT</pubDate>
    <dc:creator>afarmer</dc:creator>
    <dc:date>2018-04-04T01:54:12Z</dc:date>
    <item>
      <title>WHOIS Search</title>
      <link>https://community.splunk.com/t5/Splunk-Search/WHOIS-Search/m-p/302359#M161874</link>
      <description>&lt;P&gt;I've looked at Splunkbase for "whois" apps and searched the community for whois-type scripts, but found none that meet my needs.  What I would like is to find an app/script very similar to the Linux whois command.  This gives me all the information I need.  I've tried the Network Tools app, but whois is a generating command so I can't use it in a search.  The generateblocklist_app &lt;A href="https://www.splunk.com/blog/2016/05/02/enriching-threat-feeds-with-whois-information-splunk.html"&gt;https://www.splunk.com/blog/2016/05/02/enriching-threat-feeds-with-whois-information-splunk.html&lt;/A&gt; doesn't provide enough information.  I can't create a commands.conf file and point to the bash whois command since it's not supported.  I don't want to use a limited free API or purchase an API.  Does anyone have ideas?  I'm needing to pass an IP instead of a domain name.  This will be very useful for creating a dashboard for threat hunting.  Thanks in advance!&lt;/P&gt;</description>
      <pubDate>Wed, 04 Apr 2018 01:54:12 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Splunk-Search/WHOIS-Search/m-p/302359#M161874</guid>
      <dc:creator>afarmer</dc:creator>
      <dc:date>2018-04-04T01:54:12Z</dc:date>
    </item>
    <item>
      <title>Re: WHOIS Search</title>
      <link>https://community.splunk.com/t5/Splunk-Search/WHOIS-Search/m-p/302360#M161875</link>
      <description>&lt;P&gt;You could try a scripted input to trigger your command, output the results to Splunk, and search them.&lt;/P&gt;

&lt;P&gt;&lt;A href="http://docs.splunk.com/Documentation/Splunk/4.3/Developer/ScriptSetup"&gt;http://docs.splunk.com/Documentation/Splunk/4.3/Developer/ScriptSetup&lt;/A&gt;&lt;/P&gt;</description>
      <pubDate>Wed, 04 Apr 2018 06:47:50 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Splunk-Search/WHOIS-Search/m-p/302360#M161875</guid>
      <dc:creator>splunker12er</dc:creator>
      <dc:date>2018-04-04T06:47:50Z</dc:date>
    </item>
  </channel>
</rss>

