SIEMs, or Security Information and Event Management (SIEM) systems, have been adopted by the IT and cybersecurity departments of most responsible enterprises these days. Vendors like Splunk and IBM sell powerful tools that let teams ingest mounds of virtually any type of data like IP lists or log files to query, measure, inspect, and analyze for everything from threat detection patterns and network intrusions to rogue processes.

Oddly enough, that key feature is also the main reason SIEMs are inefficiently used today: they quickly become giant, cumbersome data dumpsters that must be painstakingly rifled through in order to find anything – or take action.

This is especially problematic for doing effective cyber threat detection and prioritization. Without a good way to know whether an IP has been observed with association to specific kinds of threats (such as botnets, phishing, ransomware. etc.) and what kind of networks the IP is originating from, SIEM users are very really “flying blind” through a world of data without any context.

Here at Musubu, we turn SIEMs from general-purpose dumpsters into, well, nicely organized bins by type. How do we do it? By providing something no other IP and cyber threat API provider gives you per IP or set of IPs:

  • Network Type
  • Network Group
  • Network Name

In short, we use one of our most unique data sets that we build up each and every day called Known Networks® to tell you what kind of network an IP lives in and which one, specifically, it is.

known networks in musubuapp and api

In other words, instead of just ingesting lists of raw IP addresses into your SIEM, we give you context: Where is it from, who owns it and what kind of network it is.

So what is Known Networks® exactly?

Well, our Known Networks® internet analytics and mapping is a Musubu sub-component based on our vast repository of information about global networks and the structure of the internet. It allows users of Musubu API and apps like developers, researchers, security analysts, and insider threat specialists to incorporate information about existing and identified networks directly into their products and services. Users can access network ranges, tenant organizations, types of services provided, and a wide variety of other functionality and data.

Our Known Networks data set lets you see the following network types (JSON results set shown here):



(‘Bitcoin’, ‘Cryptocurrency’),

(‘Ethereum’, ‘Cryptocurrency’),

(‘Commercial’, ‘CDN’),

(‘Commercial’, ‘CloudHosting’),

(‘Commercial’, ‘Entertainment’),

(‘Commercial’, ‘FileSharing’),

(‘Commercial’, ‘Financial’),

(‘Commercial’, ‘InternetSecurity’),

(‘Commercial’, ‘SearchEngine’),

(‘Free’, ‘CDN’),

(‘P2P’, ‘CDN’),

(‘Free’, ‘SocialNetworking’),

(‘Free’, ‘SoftwareDownloads’),

(‘Major’, ‘Broadband’),

(‘Major’, ‘Healthcare’),

(‘NONPROFIT’, ‘InternetAuthorities’),

(‘Federal’, ‘Government’),

(‘Foreign’, ‘Government’),

(‘StateLocal’, ‘Government’),

(‘TOR’, ‘Nodes’),

(‘Labs’, ‘Academia’),

(‘Institutes’, ‘Academia’),

(‘Schools’, ‘Academia’),

(‘Universities’, ‘Academia’)


At a minimum, this allows you to create extra displays, analytics and metrics in your SIEM to do things like Cyber Threat Detection in a faster, more actionable way. Imagine being able to log in to your SIEM each day and quickly see the most suspicious IP addresses contacting your APIs, network endpoints, and websites organized by their network of origin so you can very quickly know which ones to dig into first.

That kind of speed advantage may seem small, but it pays big dividends over the long-term by making you a little more efficient each and every day. Plus, it also gets you to doing mitigation and response much faster to help contain potentially significant issues more quickly and directly.

Starting at just $10/month, our IP and cyber threat data APIs are too affordable not to try.

Wanna organize your Splunk SIEM today?

Check out our new Musubu IP Threat Data for Splunk app! Download it now, install, then email us at for your free 7-day trial key.

IP address data in Splunk

About the Author

Jason Polancich

Jason Polancich is app designer and digital marketing lead for Polancich is a linguist, software engineer, data scientist, intelligence analyst, and real estate broker and investor with his wife and business partner Rebekah. He's also the founder and lead architect of VandalsSmile, a data-driven, small business marketing and lead generation network making big data work practically and usefully for owners. Polancich also originally created HackSurfer/SurfWatch Labs (Pre-VC), a cyber analytics firm founded in 2013 that provided highly accurate, timely and actionable information to businesses regarding the cybercrime threats they face. Polancich is a serial entrepreneur focused on solving complex internet commerce, data analysis, and cyber-defense problems. Novii Design, a company he co-founded in 2005 with Rebekah Lewis-Polancich, was based on his contributions to cloud architectures, distributed computing, data analysis and systems integration. The company assisted the U.S. Intelligence Community and Department of Defense in building some of the largest data warehouse and analysis systems ever put into operation within the government and defense contracting sectors. Novii Design was sold to Six3/CACI in 2010. Polancich is also a service-disabled veteran of the U.S. Army. Amazon Author Profile.

Contact Me