Platform integrations · SIEM + SOAR

Whisper, inside the tools you already run

Pipe Whisper’s infrastructure graph straight into Splunk, Microsoft Sentinel, and the SOAR workflows your team already lives in. One command enriches every event — no rip-and-replace, no new console to learn.

Multi-hop pivots, inside your SIEM

A flat lookup adds a column. Whisper adds the graph: from one IP in your alert, follow the ASN that routes it, the domains co-hosted alongside it, the registrant behind them, and the feeds that flag the whole cluster — without ever leaving Splunk or switching to another tab.

One command enriches every event

Splunk·Search
| whisperlookup field=dest_ip type=ip
| table dest_ip whisper_asn_name whisper_country whisper_threat_level whisper_is_tor
dest_ipwhisper_asn_namewhisper_countrywhisper_threat_levelwhisper_is_tor
1.1.1.1CLOUDFLARENETUSINFO0
185.220.101.1TELNA-UKDEINFOtor
8.8.8.8GOOGLEUSINFO0
104.16.132.229CLOUDFLARENETUSINFO0
93.184.216.34SYSAID-ASNCHNONE0

Raw dest_ip in → ASN ownership, geo, threat level, and Tor/C2 flags out — inline. The Tor exit lights up on its own.

Connectors for the stack you run

Splunk and OpenCTI are live today. Microsoft Sentinel and Wazuh are close behind. Each one speaks its host platform’s native language.

SplunkSIEM
Shipped

Run a single `| whisperlookup` command over any field to enrich events inline with ASN ownership, geo, threat level, and Tor/C2 flags — plus a full Lookup / Investigation dashboard for ad-hoc pivots. Nothing leaves your indexers.

  • whisperlookup SPL command
  • Investigation dashboards
  • Alert enrichment
  • Threat scoring
Microsoft SentinelSIEM
Shipping soon

Enrich Sentinel incidents and hunting queries with infrastructure context, so every external IP and domain carries its ownership, connections, and a sourced threat score.

  • Incident enrichment
  • KQL functions
  • Hunting queries
OpenCTICTI platform
Shipped

Hydrate STIX observables with Whisper relationships — resolving IPs, co-hosted domains, shared certificates, and registrant pivots — straight into your threat-intel knowledge base.

  • STIX observable enrichment
  • Relationship pivots
  • Native connector
WazuhXDR
Shipping soon

Enrich Wazuh alerts and threat hunts with infrastructure intelligence on every external indicator — ASN ownership, co-hosting, and sourced threat scores.

  • Alert enrichment
  • Active response
  • Threat hunting

Not on the list? Wire it up yourself

The same graph is a REST/Cypher API and an MCP endpoint. Drop infrastructure context into any pipeline, notebook, or AI agent in a few lines — no connector required.

Add infrastructure context to your stack

Install the Splunk app or the OpenCTI connector today, or talk to us about Sentinel and Wazuh — available cloud-hosted or on-prem.