Are there any native APIs to retrieve [domain info] in Splunk?

packet_hunter
Contributor

I have tried creating a workflow to query domain information using Whois.net (as described in the documentation), however I have to manually select the domain, click the whois, and go through another web page, enter captcha to get the information.

Is there an API that I can use to query specific domain information for me (like creation date) without the manual interaction?

Is there a domain creation date app somewhere or some Python code for this?

Thank you

0 Karma
1 Solution

muebel
SplunkTrust

Hi packet_hunter, This app looks like it might be helpful, at least as a starting point: https://splunkbase.splunk.com/app/321/

There are many services available that offer an API for doing whois-type lookups. You could probably use a combination of these ideas in order to perform domain lookups on arbitrary domains.

Please let me know if this answers your question 😄

0 Karma

packet_hunter
Contributor

Hi Muebel, Thank you for the information and I will look into this. What I am really looking for is creation dates on sender domains I extract from email logs. I want to automate it, so that as Splunk searches and filters the sender domains, I get a result like sender = johndoe@somecompany.com sender_domain = somecompany.com domain_creation date = 02Feb2016 (as an example).

Please let me know if you have any insight on this goal, while I read through the link you provided.

If you think I need to use a Python script and pay for an API, then please advise.

Thank you

0 Karma
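
The enrichment described in the thread (sender, sender_domain, domain creation date), sketched in Python as an added example that is not part of the original posts or of any Splunk app. `whois_lookup` is a hypothetical callable standing in for whichever WHOIS service is used, and the sample responses are constructed, not real registry data.

```python
import re
from datetime import datetime

# Constructed WHOIS responses (not real registry data), keyed by domain.
SAMPLE_WHOIS = {
    "somecompany.com": "Domain Name: SOMECOMPANY.COM\n"
                       "Creation Date: 2016-02-02T09:15:00Z\n"
                       "Registrar: Example Registrar\n",
    "example.co.uk": "Domain name:\n    example.co.uk\n"
                     "Registered on: 14-Mar-2019\n",
}

# WHOIS text is not standardized: registries label the creation date differently.
CREATED_RE = re.compile(
    r"^[ \t]*(?:Creation Date|Created(?: On)?|Registered on)[ \t]*:[ \t]*(.+?)[ \t]*$",
    re.IGNORECASE | re.MULTILINE)
DATE_FORMATS = ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%d", "%d-%b-%Y")

def sender_domain(sender):
    """Return the lower-cased domain of an e-mail address, or None if malformed."""
    local, sep, domain = sender.strip().rpartition("@")
    domain = domain.rstrip(".").lower()
    if not sep or not local or not re.fullmatch(r"[a-z0-9-]+(\.[a-z0-9-]+)+", domain):
        return None
    return domain

def creation_date(whois_text):
    """Extract the creation date from raw WHOIS text, or None if absent/unparseable."""
    match = CREATED_RE.search(whois_text or "")
    if not match:
        return None
    for fmt in DATE_FORMATS:
        try:
            return datetime.strptime(match.group(1), fmt).date()
        except ValueError:
            continue
    return None

def enrich(sender, whois_lookup):
    """Build the fields from the post; whois_lookup(domain) returns WHOIS text or None."""
    domain = sender_domain(sender)
    created = creation_date(whois_lookup(domain)) if domain else None
    return {
        "sender": sender,
        "sender_domain": domain,
        "domain_creation_date": created.strftime("%d%b%Y") if created else None,
    }

if __name__ == "__main__":
    print(enrich("johndoe@somecompany.com", SAMPLE_WHOIS.get))
```

Domains with no record or an unrecognized date format come back with `domain_creation_date` set to `None` rather than raising, so a search pipeline can keep processing the remaining senders.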