Silent Push Inc. ©2025
A leading U.S.-based finance company was facing difficulties correlating the large amounts of threat intelligence data that the organization collected via Splunk.
Our customer needed to pass noisy Splunk data streams through a series of high-confidence validations to produce true positive alerts, across a range of workflows that interacted with numerous other cybersecurity platforms, and inform teams on where their collective efforts should be focused.
In doing so, the organization wanted to act quicker – and with more confidence – on various APT infrastructure targeting their organization, across a range of attack vectors.
Leadership tasked itself with reducing alert fatigue, and improving productivity by reducing the number of false positive correlations that occurred across the security stack with a slicker, more reliable series of integrations.
Silent Push features native integrations with Splunk – via two dedicated SplunkBase apps for SOAR and SIEM – that connect a Splunk instance with IOFA™ data, via the Silent Push API.

Silent Push passes a range of enriched data types through to Splunk that can either act as a starting point for CTI investigations, or be used to corroborate data that’s already been passed through to Splunk from perimeter defenses, or from another cybersecurity platform.
Supported data types include:

Once they’d onboarded, our customer used their API key to integrate their Splunk instance with our first-party IOFA™ data, to fulfil a range of use cases, including (but not limited to):
Using our integrations, the customer was able to adjust their security stack in such a way that made it quicker and easier to monitor and block both known and hidden infrastructure, by correlating existing threat data and gaining insight on emerging domains and IPs as they were being deployed, without needing to rely on stale post-breach intelligence for validation.

Custom correlation and indicators dashboards provided them with an at-a-glance view of their entire attack landscape, including any new indicators validated as malicious within Silent Push, and a full breakdown across 150+ enrichment categories with full access to the raw data for additional pivots.

With so many alerts and data feeds that lack the underlying intelligence for teams to fully evaluate unknown domains and IPs, SecOps staff struggle to create predictive models and detect malicious infrastructure before it’s weaponized.
Silent Push drastically reduces the time it takes for teams to fully operationalize threat intelligence data by providing teams with a wealth of context on each individual hostname and IP that appears on their radar.

Our customer realized an immediate improvement in key metrics such as MTTD and MTTR, and gave staff the breathing space they needed to focus on critical tasks without needing to swim through an ocean of noisy information.
Find out how Silent Push helps you to locate hidden and known threat infrastructure, and stop digital assaults at the source before they occur, using Indicators Of Future Attack™.
IOFA™ are domain and IP datapoints that preemptively pinpoint adversary intent BEFORE an attack is launched, and reveal searchable digital fingerprints of attacker activity.