Re: domaintools & Splunk ES Integration

dimitris_vergos · ‎09-28-2014

Hello,

I see in the ES Guide @ http://docs.splunk.com/Documentation/ES/latest/Install/AdvancedThreatdashboards

that you can integrate with domaintools.com in order to identity any new domains showing up.

But when I go to domaintools.com to sign up for the free api, I think this has changed, and you can only buy now packages.

Has anyone tried it? is that correct? If so, is there another service that can be used?

markkendrick · ‎06-29-2016

Hi everyone, Mark Kendrick here from DomainTools. Yes, we used to have a free developer API you could sign up for on the website. That's not available anymore, but we do give free trial access to our Whois API for customers considering our Enterprise offerings.

The same thing applies to our own Splunk app and add-on that you'll find in SplunkBase. Just reach out to us on our website or email MemberServices at DomainTools dot com, tell us you want to give the API a try inside Splunk, and we'll get you started.

mcronkrite · ‎09-29-2014

Hi I signed up for the FREE Trial on domaintools.
Yes, appears that the FREE is only for "Access is unlimited for reasonable levels of human, unscripted use, as defined in our Terms of Service." So looks like they need paid subscription for access to the API (scripted non-human access)

domaintools & Splunk ES Integration

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?