Data-Centric Security Automation
We Help Accelerate Operational Outcomes
Key Principles


Intelligence Management for Modern Security Operations
Traditionally, security leaders have had to either rely on teams of trained analysts spending many hours a day wrangling data or invest in large, multiyear data engineering projects. Splunk Intelligence Management users can easily select intelligence sources, including open source, premium intel providers and collections of historical events and alerts. Users can then apply priority scores, Safelists and filtering based on indicator types or attributes, and submit the prepared data to Enclave data repositories or to a designated application of choice from the integration marketplace.
Automatically transform and curate data to make it actionable for automation
How It Works

Enclaves
Cloud-Based Data Repositories For Internal And External Intelligence
› Integrated Event Storage: Enclaves provide product-agnostic “cyber memory” of internal events, alerts, and cases for future enrichment and reduction of redundant investigations
› All-Source Search & Analytics: Enclaves enable unified search of historical events alongside threat intel sources, which powers mission-critical executive visibility
› Simplified Permissions & Streamlined Sharing: Enclaves are the segmentation unit for controlling access, and can be synced across teams, tools, subsidiaries and partners

Our Unified Intel API Provides a Single Point of Integration
Use Cases

Detect

Disseminate
Intelligence pipelines support automation across teams, tools, and organizations.

Investigate
Spend less time wrangling data, and more time catching bad guys
Metrics That Matter
