Bot Information for Splunk Attack Analyzer Verified

Splunk Attack Analyzer (formerly known as TwinWave), visits URLs submitted by customers using a headless Chrome browser. DOM (Document Object Model), HAR (HTTP Archive), and other relevant data from these visits are analyzed to determine if the page is hosting malicious content.

Operator
Splunk
AccessIndicates who drives the bot's activity. Bots with "direct" access are controlled directly by their operator, while bots with "intermediary" access can be controlled by end users.
Direct

User agent

Copy link
HTTP requests
TwinWaveScanner
robots.txtLearn more...
User-Agent: TwinWaveScanner
Disallow: /

HTTP traffic from Splunk Attack Analyzer

Copy link

HTTP requests from the specified bot over the selected time period

Learn more...