Splunk Search

WHOIS Search

afarmer
Explorer

I've looked at splunkbase for "whois" apps and searched the community for whois-type scripts, but found none that meet my needs. What I would like is to find an app/script very similar to the Linux whois command. This gives me all the information I need. I've tried the Newtork Tools app, but whois is a geneating command so I can't use it in a search. The generateblocklist_app https://www.splunk.com/blog/2016/05/02/enriching-threat-feeds-with-whois-information-splunk.html doesn't provide enough information. I can't create a commands.conf file and point to the bash whois command since it's not supported. I don't want to use a limited free API or purchase an API. Does anyone have ideas? I'm needing to pass an IP instead of a domain name. This will be very useful for creating a dashboard for threat hunting. Thanks in advance!

Tags (1)
0 Karma

splunker12er
Motivator

You could try scripted input to trigger your command and output the results to splunk and search it

http://docs.splunk.com/Documentation/Splunk/4.3/Developer/ScriptSetup

0 Karma
Get Updates on the Splunk Community!

Splunk is Nurturing Tomorrow’s Cybersecurity Leaders Today

Meet Carol Wright. She leads the Splunk Academic Alliance program at Splunk. The Splunk Academic Alliance ...

Part 2: A Guide to Maximizing Splunk IT Service Intelligence

Welcome to the second segment of our guide. In Part 1, we covered the essentials of getting started with ITSI ...

Part 1: A Guide to Maximizing Splunk IT Service Intelligence

As modern IT environments continue to grow in complexity and speed, the ability to efficiently manage and ...