Crypto Firewall

Splunk Community

Purpose: Crypto Firewall for Splunk provides a curated, continuously maintained lookup of known malicious cryptocurrency-related IP addresses for use in Splunk searches, alerts, and dashboards.

Problem addressed: Cryptocurrency-related abuse—including scams, malware infrastructure, illicit mining, fraud endpoints, and command-and-control servers—often bypasses traditional security controls. Security teams need a lightweight, transparent way to enrich logs with crypto-specific threat intelligence inside Splunk.

What the app does: This app installs the Crypto Firewall CSV as a Splunk lookup table, enabling users to quickly identify and correlate events involving known malicious crypto infrastructure. The lookup can be used across network, proxy, DNS, firewall, and application logs to:
- Detect connections to known malicious crypto IPs
- Enrich events with clear threat context
- Power alerts, dashboards, and investigations
- Reduce time to detection for crypto-related threats

Key characteristics:
- Uses a simple CSV lookup compatible with native Splunk lookups
- No external dependencies or binaries
- Designed for Splunk Enterprise and Splunk Cloud
- Transparent, auditable threat data source
- Suitable for security monitoring, threat hunting, and SOC workflows

This app is intentionally minimal and focused, allowing organisations to integrate crypto-focused threat intelligence into existing Splunk workflows without complexity or performance overhead.
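As an added illustration (not code from the app or its author), the following Python models what a CSV IP lookup does when applied to events from differently shaped log sources, including de-duplicated indicator rows and malformed addresses. The column names (ip, category, description), the per-sourcetype field mapping, the indicator rows and the events are all constructed assumptions; the real Crypto Firewall schema is not given on this page.

```python
import csv
import io
import ipaddress

# Constructed sample of a lookup CSV. Column names are assumed, not the app's.
LOOKUP_CSV = """ip,category,description
203.0.113.10,mining,illicit mining pool endpoint (constructed)
198.51.100.7,c2,wallet-stealer command-and-control (constructed)
203.0.113.10,scam,second row for the same IP (constructed)
 bad-entry ,scam,row with an invalid address (constructed)
"""

# Constructed events. Each sourcetype stores the remote address under a
# different field name, which is why the lookup needs a field mapping
# (in SPL this is the "| lookup <name> ip AS <field> OUTPUT category" form).
EVENTS = [
    {"sourcetype": "pan:traffic", "src_ip": "10.0.0.5", "dest_ip": "203.0.113.10"},
    {"sourcetype": "stream:dns", "query": "pool.example", "answer": "198.51.100.7"},
    {"sourcetype": "squid", "src_ip": "10.0.0.9", "dest_ip": "192.0.2.44"},
    {"sourcetype": "pan:traffic", "src_ip": "10.0.0.5", "dest_ip": "not-an-ip"},
    {"sourcetype": "unknown:source", "dest_ip": "203.0.113.10"},
]

# Assumed mapping: which field carries the address to match per sourcetype.
IP_FIELD_BY_SOURCETYPE = {"pan:traffic": "dest_ip", "stream:dns": "answer", "squid": "dest_ip"}


def normalize_ip(value):
    """Return the canonical text form of an IPv4/IPv6 address, or None if invalid."""
    try:
        return str(ipaddress.ip_address(str(value).strip()))
    except ValueError:
        return None


def load_lookup(text):
    """Parse the lookup CSV into {ip: [rows]}; rows with invalid IPs are dropped."""
    table = {}
    for row in csv.DictReader(io.StringIO(text)):
        key = normalize_ip(row["ip"])
        if key is not None:
            table.setdefault(key, []).append(row)
    return table


def enrich(events, table):
    """Return (event, matched_rows) for events whose mapped address is in the lookup."""
    hits = []
    for event in events:
        field = IP_FIELD_BY_SOURCETYPE.get(event.get("sourcetype"))
        key = normalize_ip(event.get(field, "")) if field else None
        if key is not None and key in table:   # unmapped or malformed: no hit
            hits.append((event, table[key]))
    return hits
```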