Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

WHOIS Search

afarmer
Explorer
‎04-03-2018 06:54 PM

I've looked at splunkbase for "whois" apps and searched the community for whois-type scripts, but found none that meet my needs. What I would like is to find an app/script very similar to the Linux whois command. This gives me all the information I need. I've tried the Newtork Tools app, but whois is a geneating command so I can't use it in a search. The generateblocklist_app https://www.splunk.com/blog/2016/05/02/enriching-threat-feeds-with-whois-information-splunk.html doesn't provide enough information. I can't create a commands.conf file and point to the bash whois command since it's not supported. I don't want to use a limited free API or purchase an API. Does anyone have ideas? I'm needing to pass an IP instead of a domain name. This will be very useful for creating a dashboard for threat hunting. Thanks in advance!

Tags (1)
0 Karma
Reply

splunker12er
Motivator
‎04-03-2018 11:47 PM

You could try scripted input to trigger your command and output the results to splunk and search it

http://docs.splunk.com/Documentation/Splunk/4.3/Developer/ScriptSetup

0 Karma
Reply
Related Topics
whois in search. help
Get Updates on the Splunk Community!

Platform Newsletter Highlights | March 2023

 March 2023 | Check out the latest and greatestIntroducing Splunk Edge Processor, simplified data ...

Enterprise Security Content Updates (ESCU) - New Releases

In the last month, the Splunk Threat Research Team (STRT) has had 3 releases of new content via the Enterprise ...

Thought Leaders are Validating Your Hard Work and Training Rigor

As a Splunk enthusiast and member of the Splunk Community, you are one of thousands who recognize the value of ...