A Threat Intelligence Integration to Empower Your Splunk SIEM with The Most Relevant Data
TruSTAR’s Splunk integration easily enables the ingestion of OSINT, commercial intelligence feeds, and case management data into your Splunk workflow.
Designed to Accelerate Investigations
TruSTAR’s Splunk App allows analysts to enrich IOCs of interest and incorporate intelligence reports into their Splunk workflow, arming security teams with high-signal intelligence from their own internal historical data and open and closed intelligence feeds.
Added Benefits
TruSTAR’s Splunk integration enables:
- Ingestion Options - The integration provides our users with the ability to ingest not only TruSTAR reports but also their IOC list that were submitted to TruSTAR using IOC management. IOC management is a capability that allows users to submit large amounts of IOCs into TruSTAR as a collection. Users can now ingest their IOC lists into Splunk to be correlated against.
- Splunk App Dashboard - The new app dashboard is more streamlined making relevant information more visible to the user. Users can now see the sources/enclaves from which indicators were ingested into Splunk.
- Optimized Queries - The TruSTAR app is more efficient in data ingest and has optimized Splunk queries.
Your View in Splunk
TruSTAR’s Splunk app automatically imports your high fidelity IOC’s from TruSTAR event data and enriches the IOC’s against reports from your network and peers. When a correlation is found, you see a graph visualization that shows you additional context and correlations for faster incident response and mitigation.
Simple Configuration
We've built the integration to be as easy to setup and configure. Download the app from the Splunkbase, put in your TruSTAR API keys, and customize your configuration to get started.
