TruSTAR’s Splunk integration easily enables the ingestion of OSINT, commercial intelligence feeds, and case management data into your Splunk workflow.
Want to learn how to enrich TruSTAR investigations with Splunk ES?
Check out our Splunk ES workflow training session.
TruSTAR’s Splunk App allows analysts to enrich IOCs of interest and incorporate intelligence reports into their Splunk workflow, arming security teams with high-signal intelligence from their own internal historical data and open and closed intelligence feeds.
TruSTAR’s Splunk integration enables:
TruSTAR’s Splunk app automatically imports your high-fidelity IOCs from TruSTAR event data and enriches those IOCs against reports from your network and peers. When a correlation is found, a graph visualization shows you additional context and related correlations for faster incident response and mitigation.
We've built the integration to be as easy as possible to set up and configure. Download the app from Splunkbase, enter your TruSTAR API keys, and customize your configuration to get started.
Splunk turns machine data into answers. Organizations of all sizes and across industries are using Splunk to unleash innovation and solve their toughest IT, security and business challenges.