TruSTAR’s Splunk App allows analysts to enrich IOCs of interest and incorporate intelligence reports into their Splunk workflow, arming security teams with high-signal intelligence from their own internal historical data and open and closed intelligence feeds.
TruSTAR’s Splunk integration enables:
TruSTAR’s Splunk app automatically imports your high-fidelity IOCs from TruSTAR event data and enriches the IOCs against reports from your network and peers. When a correlation is found, you see a graph visualization that shows you additional context and correlations for faster incident response and mitigation.
We've built the integration to be easy to set up and configure. Download the app from Splunkbase, put in your TruSTAR API keys, and customize your configuration to get started.