Splunk SOAR + TruSTAR
Accelerate phishing response through priority scoring
Splunk SOAR playbooks become even more powerful with the addition of TruSTAR Intelligence Management
Automatically analyze and respond to phishing attacks
TruSTAR for Splunk SOAR ingests user-reported suspicious emails, extracts observables, and enriches them with open-source and commercial intelligence feeds and internal historical data. TruSTAR then calculates a normalized score for each Indicator and applies a priority score to each email for automated response.
Accelerate automation by setting up playbooks that utilize the context of TruSTAR’s Intelligence Reports and Indicators
Obtain prepared and normalized intelligence for faster triage and more streamlined playbooks
Send observables from Splunk SOAR to TruSTAR Whitelists to automatically remove them from your SIEM
Simplify Playbook Enrichment
By managing all of your intelligence sources and preparing your data in a single platform, TruSTAR increases the fidelity and usability of Splunk SOAR automated playbooks. Comparing Figure A and Figure B shows how TruSTAR streamlines Splunk SOAR playbooks by providing a single unified API for enrichment based on normalized intelligence.
When you send Splunk SOAR investigations to your TruSTAR Enclave, TruSTAR’s SIEM integrations automatically add malicious observables to detection sets and remove whitelisted observables from them.