Spamhaus Datasets for Splunk provide a custom search command enabling you to easily query IPs and host names within your Splunk data, to see if they're known to be connected with abused internet resources, as observed by Spamhaus. There are multiple use cases including (a) the ability to detect if suspicious log entries in your systems are being caused by IPs known to be part of a botnet or (b) investigating if unexplained HTTP traffic is trying to reach an IP/hostname known to be controlling botnets. To utilize this data customers must be subscribed to the Spamhaus Data Query Service (DQS). This service is FREE for low-volume users, simply complete the sign-up form at: https://www.spamhaustech.com/free-trial/sign-up-for-a-free-data-query-service-account/