Splunk Intelligence Management + SIEM

Analyze notable events and leverage intelligence to quickly understand threat context and prioritize and accelerate triage


Empower Your Splunk SIEM with The Most Relevant Data

Prioritize and accelerate triage, gain more accuracy

The Splunk Intelligence Management Unified App for Splunk Enterprise and Enterprise Security helps security professionals analyze notable events and leverage intelligence to quickly understand threat context and to prioritize and accelerate triage. Analysts can customize data ingest preferences based on Indicator type, tags, and age of Indicator, cutting down the volume of data exchanged between tools for better accuracy.

Automatically Transform And Curate Data To Make It Actionable For Automation

How It Works

Integration Capabilities

Automatically download observables from Premium Intelligence, Open Source, or Sharing Groups into Splunk KV Stores for use in searching or to alert against internal log events

Enrich Events

Enrich notable events in Splunk ES using intelligence from Enclaves

Correlate with Historical Data

Submit notable events to Enclaves for further enrichment and correlation with historical data to triage alerts based on context and severity

Prioritize Urgency

Update and prioritize notable event urgency in Splunk ES based on normalized scores

Curate Nuanced Detection Sets

The Splunk Intelligence Management Unified App leverages Indicator Prioritization Intel Workflows to select intelligence sources, apply priority scores, Safelists, and filters based on Indicator type or attributes. Easily submit prepared data into Enclaves for your SIEM to ingest threat enrichment attributes for the indicators associated with security incidents.

Import Multiple Detection Sets to Your SIEM

Import multiple detection sets with customized expiration from Splunk Intelligence Management to Splunk KV Stores.

Score, Prioritize, and Enrich Notable Events

The Splunk Intelligence Management Unified App updates a notable event urgency score using normalized scores from intel sources and enriches notable events with structured information found in intel reports about that indicator. Enrichment includes deep links to the individual reports for full context.

Share Notable Events

Use the Splunk Intelligence Management Unified App to easily share notable events with ISACs or other sharing groups.

Already a Splunk Intelligence Management customer?

Configure Your Splunk SIEM Integration now

Contact Sales To Get Started