Splunk Intelligence Management + SIEM
Analyze notable events and leverage intelligence to quickly understand threat context and prioritize and accelerate triage
Empower Your Splunk SIEM with The Most Relevant Data
Prioritize and accelerate triage, gain more accuracy
The Splunk Intelligence Management Unified App for Splunk Enterprise and Enterprise Security helps security professionals analyze notable events and leverage intelligence to quickly understand threat context and prioritize and accelerate triage. Analysts can customize data ingest preferences based on Indicator type, tags, and Indicator age, reducing the volume of data exchanged between the tools and improving accuracy.
Automatically download observables from Premium Intelligence, Open Source, or Sharing Groups into Splunk KV Stores for use in searches or to alert on matches against internal log events
Enrich notable events in Splunk ES using intelligence from Enclaves
Update and prioritize notable event urgency in Splunk ES based on normalized scores
The Splunk Intelligence Management Unified App leverages Indicator Prioritization Intel Workflows to select intelligence sources, apply priority scores, Safelists, and filters based on Indicator type or attributes. Easily submit the prepared data into Enclaves so that your SIEM can ingest threat enrichment attributes for the indicators associated with security incidents.
Import Multiple Detection Sets to Your SIEM
Import multiple detection sets with customized expiration from Splunk Intelligence Management to Splunk KV Stores.
The Splunk Intelligence Management Unified App updates the urgency score of a notable event using normalized scores from intel sources and enriches the notable event with structured information found in intel reports about the indicators it contains. Enrichment includes deep links to the individual reports for full context.
Use the Splunk Intelligence Management Unified App to easily share notable events with ISACs or other sharing groups.