One of the most powerful features inside of PassiveTotal is the ability to monitor infrastructure and receive alerts when something changes. We’ve covered how to deploy monitors in previous postings and videos, but never showed how they could be used for follow-up actions. By combining the notifications and monitors API from the account endpoints, it’s easy to create an automated system to block or publish threat data.
With the all-new PassiveTotal App for Splunk, organizations can now bring context to external threats, analyze attack data, and correlate that information with their internal event data to pinpoint and remediate threats—all in one place.
It’s hard to believe, but just nine months ago, we rolled out our first version of Hubot scripts using Slack as an example of how you could further your analysis. Back then, we were working with limited amounts of data and could only provide passive DNS. Today, we are in a much different place and felt it was time to really build out our bot capabilities. Released on our GitHub repository and the NPM