Splunk Search

WHOIS Search


I've looked at splunkbase for "whois" apps and searched the community for whois-type scripts, but found none that meet my needs. What I would like is to find an app/script very similar to the Linux whois command. This gives me all the information I need. I've tried the Newtork Tools app, but whois is a geneating command so I can't use it in a search. The generateblocklist_app https://www.splunk.com/blog/2016/05/02/enriching-threat-feeds-with-whois-information-splunk.html doesn't provide enough information. I can't create a commands.conf file and point to the bash whois command since it's not supported. I don't want to use a limited free API or purchase an API. Does anyone have ideas? I'm needing to pass an IP instead of a domain name. This will be very useful for creating a dashboard for threat hunting. Thanks in advance!

Tags (1)
0 Karma


You could try scripted input to trigger your command and output the results to splunk and search it


0 Karma
Get Updates on the Splunk Community!

Splunk Cloud | Empowering Splunk Administrators with Admin Config Service (ACS)

Greetings, Splunk Cloud Admins and Splunk enthusiasts! The Admin Configuration Service (ACS) team is excited ...

Tech Talk | One Log to Rule Them All

One log to rule them all: how you can centralize your troubleshooting with Splunk logs We know how important ...

Splunk Security Content for Threat Detection & Response, Q1 Roundup

Join Principal Threat Researcher, Michael Haag, as he walks through: An introduction to the Splunk Threat ...