Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Are there any native APIs to retrieve [domain info] in Splunk?

packet_hunter
Contributor
‎03-02-2016 10:53 AM

I have tried creating a workflow to query domain information using Whois.net (as described in the documentation), however I have to manually select the domain, click the whois, and go thru another web page, enter captcha to get the information.

Is there an API that I can use to query specific domain information for me (like creation date) without the manually interaction?

Is there a domain creation date app somewhere or some python code for this?

Thank you

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

muebel
SplunkTrust
SplunkTrust
‎03-02-2016 11:06 AM

Hi packet_hunter, This app looks like it might be helpful, at least as a starting point : https://splunkbase.splunk.com/app/321/

There are many services available that offer an api for doing whois-type lookups. You could probably use a combination of these ideas in order to perform domain lookups on arbitrary domains.

Please let me know if this answers you question 😄

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

muebel
SplunkTrust
SplunkTrust
‎03-02-2016 11:06 AM

Hi packet_hunter, This app looks like it might be helpful, at least as a starting point : https://splunkbase.splunk.com/app/321/

There are many services available that offer an api for doing whois-type lookups. You could probably use a combination of these ideas in order to perform domain lookups on arbitrary domains.

Please let me know if this answers you question 😄

0 Karma
Reply
Solved! Jump to solution

packet_hunter
Contributor
‎03-02-2016 11:55 AM

Hi Muebel, Thank you for the information and I will look into this. What I am really looking for is creation dates on sender domains I extract from email logs. I want to automate it, so that as Splunk searches and filters the sender domains, I get a result like sender = johndoe@somecompany.com sender_domain = somecompany.com domain_creation date = 02Feb2016 (as an example).

Please let me know if you have any insight on this goal, while I read thru the link you provided.

If you think I need to use a python script and pay for an API, then please advise.

Thank you

0 Karma
Reply
Get Updates on the Splunk Community!

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureThursday, March 27, 2025  |  11AM PST / 2PM EST | Register NowStep boldly ...

Splunk AppDynamics with Cisco Secure Application

Web applications unfortunately present a target rich environment for security vulnerabilities and attacks. ...