Splunk Enterprise Security App


TruSTAR’s Splunk ES workflow integration is designed for security analysts and SOC teams seeking to detect, triage, investigate, and respond to notable events generated within Splunk.

This document highlights our Splunk ES app, its different use cases, and the benefits gained by SOCs.

Splunk ES App Features

With TruSTAR's Splunk ES app, users can:

  • Control Data Ingest & Volume - Customize data ingest preferences based on indicator type, tags, and age of indicator to cut down on data volume exchanged between tools.
  • Operationalize Intelligence - Curate observables, then prioritize events based on context and prioritization scores from TruSTAR.
  • Easily Share with Teams & Trust Groups - Control where your data goes. Share notable events with the option to redact sensitive data.

Already a TruSTAR and Splunk ES user looking to install the app? Visit Splunkbase to download the app or visit our Support Docs for install instructions.