Last updated on December 5, 2022.
This integration places BlueCat service points between the existing internal DNS resolution system and endpoints, passing the query data to Splunk, where it can be further analyzed and correlated with other network service data. This positions your SOC to gain full insight into DNS in real time, whilst optimizing your Splunk data volume costs using the BlueCat risk detection filter, so that a subset of DNS data is passed to Splunk. In addition, BlueCat offers the capability to the full DNS data set so that east-west spread of detected risks can be isolated, and subsequently cleaned.