Splunk Enterprise Security

External Reverse DNS Lookup

StepbyStep82
New Member

I'm pretty new to Splunk and have currently been tasked to startup an App and am outfitting a dashboard for my team.

I'm currently in the process of researching ways on how to integrate an external reverse DNS lookup on an enterprise level. The goal is match/identify the business partner's name with their external connection's IP within our database. As of now, we just have a large scale of outbound/inbound ip's and it would benefit us to match a name to them.

Is this a possible task, and if it is what are best practices or known solutions to this request?

Thank you in advance!

0 Karma
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Think Like an Architect: Introducing the Splunk Certified Cybersecurity Defense ...

In cybersecurity, defenders respond to threats. Architects design the systems that stop them.    As ...

Best Practices: Splunk auto adjust pipeline queue

When you enable autoAdjustQueue in Splunk, maxSize should be understood as the queue size Splunk starts with ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...