Splunk SIEM + TruSTAR
Analyze notable events and leverage intelligence to quickly understand threat context and prioritize and accelerate triage
A Threat Intelligence Integration to Empower Your Splunk SIEM with The Most Relevant Data
Prioritize and accelerate triage, gain more accuracy
The TruSTAR Unified App for Splunk Enterprise and Enterprise Security helps security professionals analyze notable events and leverage intelligence to quickly understand threat context and prioritize and accelerate triage. With TruSTAR and Splunk, analysts can customize data ingest preferences based on Indicator type, tags, and age of Indicator, reducing the data volume exchanged between the tools and improving accuracy.
Automatically download observables from Premium Intelligence, Open Source, or Sharing Groups into Splunk KV Stores for use in searching or to alert against internal log events
Enrich notable events in Splunk ES using intelligence from TruSTAR Enclaves
Update and prioritize notable event urgency in Splunk ES based on normalized scores from TruSTAR
The TruSTAR Splunk Unified App leverages Indicator Prioritization Intel Workflows to select intelligence sources, apply priority scores, Safelists, and filters based on Indicator type or attributes. Prepared data can be submitted to TruSTAR Enclaves, and Splunk then ingests the threat enrichment attributes attached to the indicators associated with security incidents.
Import Multiple Detection Sets to Splunk
Import multiple detection sets with customized expiration from TruSTAR to Splunk KV Stores.
The TruSTAR Unified App updates a notable event urgency score using normalized scores from intel sources and enriches notable events with structured information found in intel reports about that indicator. Enrichment includes deep links to the individual reports for full context.
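The following is an added illustration, not code from TruSTAR or Splunk, of the workflow the page describes: filtering a detection set by Indicator type, age, tags and a Safelist before it is loaded into a lookup, matching internal log events against that lookup, and deriving a notable-event urgency from a normalized score. The indicator rows, log lines, field names, score scale (0 to 3) and the score-to-urgency mapping are all constructed assumptions for the example, not the app's actual schema or defaults.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed reference time so the age filter is deterministic (assumption).
NOW = datetime(2024, 1, 15, tzinfo=timezone.utc)

# Constructed indicator rows, shaped like entries one might keep in a KV Store lookup.
# "score" is a normalized 0..3 priority score (assumed scale, not TruSTAR's).
INDICATORS = [
    {"value": "203.0.113.10", "type": "IP", "tags": ["c2"], "score": 3,
     "first_seen": NOW - timedelta(days=2)},
    {"value": "198.51.100.7", "type": "IP", "tags": ["scanner"], "score": 1,
     "first_seen": NOW - timedelta(days=120)},
    {"value": "bad.example", "type": "DOMAIN", "tags": ["phishing"], "score": 2,
     "first_seen": NOW - timedelta(days=10)},
    {"value": "10.0.0.5", "type": "IP", "tags": ["internal"], "score": 3,
     "first_seen": NOW - timedelta(days=1)},
]

# Constructed Safelist: values that must never raise an alert (e.g. internal hosts).
SAFELIST = frozenset({"10.0.0.5"})

# Assumed mapping from normalized score to an ES-style urgency label.
URGENCY = {0: "informational", 1: "low", 2: "medium", 3: "high"}


def select_indicators(indicators, types, max_age_days, exclude_tags=(),
                      safelist=frozenset(), now=NOW):
    """Apply ingest preferences (type, age, tags, Safelist) to a raw detection set.

    Returns only the indicators that should be written to the lookup; everything
    else is dropped before it reaches Splunk, which is what keeps the lookup small.
    """
    cutoff = now - timedelta(days=max_age_days)
    selected = []
    for ind in indicators:
        if ind["type"] not in types:          # wrong indicator type for this lookup
            continue
        if ind["first_seen"] < cutoff:        # older than the configured expiration
            continue
        if ind["value"] in safelist:          # explicitly safelisted
            continue
        if any(t in exclude_tags for t in ind["tags"]):  # tag-based exclusion
            continue
        selected.append(ind)
    return selected


def build_lookup(indicators):
    """Index the selected indicators by value, as a KV Store lookup would be keyed."""
    return {ind["value"]: ind for ind in indicators}


# Constructed internal log events in key=value form (assumption about log format).
LOG_LINES = [
    "2024-01-15T10:00:01Z src=192.168.1.20 dest=203.0.113.10 action=allowed",
    "2024-01-15T10:00:02Z src=192.168.1.21 dest=198.51.100.7 action=allowed",
    "2024-01-15T10:00:03Z src=192.168.1.22 dest=93.184.216.34 action=allowed",
    "2024-01-15T10:00:04Z src=192.168.1.23 query=bad.example action=allowed",
]

_FIELD_VALUE = re.compile(r"=(\S+)")


def match_events(log_lines, lookup):
    """Match every key=value token in each log line against the lookup.

    Each hit becomes a candidate notable event carrying the indicator's tags
    (the enrichment) and an urgency derived from its normalized score.
    """
    hits = []
    for line in log_lines:
        for value in _FIELD_VALUE.findall(line):
            ind = lookup.get(value)
            if ind is None:
                continue
            hits.append({
                "line": line,
                "indicator": value,
                "type": ind["type"],
                "tags": list(ind["tags"]),
                "urgency": URGENCY[ind["score"]],
            })
    return hits


if __name__ == "__main__":
    # Keep IPs and domains seen in the last 90 days, honour the Safelist.
    detection_set = select_indicators(INDICATORS, {"IP", "DOMAIN"}, 90, safelist=SAFELIST)
    for hit in match_events(LOG_LINES, build_lookup(detection_set)):
        print(f'{hit["urgency"]:>6}  {hit["indicator"]:<14} tags={hit["tags"]}  {hit["line"]}')
```

With these inputs the scanner IP is dropped by the 90-day expiration and the internal host by the Safelist, so only the C2 address (urgency high) and the phishing domain (urgency medium) produce notable events; widening `max_age_days` or clearing the Safelist changes which rows reach the lookup without touching the matching logic.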
Use the TruSTAR Unified App to easily share notable events with ISACs or other sharing groups.