Splunk Intelligence Management + SOAR
Accelerate phishing response through priority scoring
Splunk SOAR playbooks become even more powerful with the addition of Splunk Intelligence Management: automatically analyze and respond to phishing attacks.
Splunk Intelligence Management for Splunk SOAR ingests user-reported suspicious emails, extracts observables, and enriches them with open-source and commercial intelligence feeds and internal historical data. A normalized score is then calculated for each indicator, and a priority score is applied to each email to drive automated response.
Accelerate automation by setting up playbooks that utilize the context of Splunk Intelligence Management Reports and Indicators
Obtain prepared and normalized intelligence for faster triage and more streamlined playbooks
Send observables from Splunk SOAR to Whitelists to automatically remove them from your SIEM
Simplify Playbook Enrichment
By managing all of your intelligence sources and preparing your data in a single platform, Splunk Intelligence Management increases the fidelity and usability of Splunk SOAR automated playbooks. The comparison of Figure A and Figure B shows how Splunk SOAR playbooks can be streamlined with TruSTAR by providing a single unified API for enrichment based on normalized intelligence.
By sending Splunk SOAR investigations to your Splunk Intelligence Management Enclave, you can automatically add malicious observables to detection sets and remove whitelisted observables from detection sets.
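The pipeline the page describes (extract observables from a reported email, enrich them, collapse per-source scores into one normalized score, derive an email priority, then add malicious observables to a detection set and drop whitelisted ones) is shown below as an added illustration. It is not Splunk, TruSTAR or SOAR code: the email, the intelligence entries, the three source scales, the plain-mean normalization, the priority thresholds and the detection-set threshold are all constructed assumptions so that the example runs offline.

```python
"""Phishing triage walk-through (added example, not vendor code).

Assumptions, all constructed for this illustration:
  - the sample email and intelligence entries are invented;
  - three hypothetical sources report on different scales
    (osint 0-100, commercial 0-10, internal_hits = prior sightings);
  - normalization is a plain mean of the available sources, mapped to 0..1;
  - priority thresholds and the detection-set threshold are arbitrary.
"""
import re
from urllib.parse import urlparse

# Constructed sample of a user-reported email (not a real message).
HASH = "3a7bd3e2360a3d29eea436fcfb7e44c735d117c42d1c1835420b6b9942dd4f1b"
SAMPLE_EMAIL = f"""From: billing@examp1e-invoices.test
Subject: Invoice overdue
Please review your invoice at http://examp1e-invoices.test/pay?id=42
Attachment sha256: {HASH}
Or contact support at https://www.example.com/help
"""

# Constructed enrichment data, keyed by observable value.
INTEL = {
    "examp1e-invoices.test": {"osint": 80, "commercial": 7, "internal_hits": 3},
    "http://examp1e-invoices.test/pay?id=42": {"osint": 90, "commercial": 9},
    HASH: {"commercial": 10, "internal_hits": 12},
    "www.example.com": {"osint": 5},  # known-good host that still has a feed entry
}

# Constructed whitelist of hosts that must never be scored or detected on.
ALLOWLIST = {"www.example.com"}

URL_RE = re.compile(r"https?://[^\s<>\"']+")
SHA256_RE = re.compile(r"\b[a-fA-F0-9]{64}\b")
SENDER_RE = re.compile(r"[\w.+-]+@((?:[\w-]+\.)+[\w-]+)")  # captures the domain


def extract_observables(text):
    """Return {value: type} for URLs, URL hosts, sender domains and SHA-256 hashes."""
    obs = {}
    for url in URL_RE.findall(text):
        obs[url] = "url"
        host = urlparse(url).hostname
        if host:
            obs[host] = "domain"
    for domain in SENDER_RE.findall(text):
        obs[domain] = "domain"
    for digest in SHA256_RE.findall(text):
        obs[digest.lower()] = "sha256"
    return obs


def normalize(entry):
    """Collapse per-source scores on different scales into one 0..1 score (hypothetical mean)."""
    parts = []
    if "osint" in entry:
        parts.append(entry["osint"] / 100)
    if "commercial" in entry:
        parts.append(entry["commercial"] / 10)
    if "internal_hits" in entry:
        parts.append(min(entry["internal_hits"], 10) / 10)  # cap sightings at 10
    return round(sum(parts) / len(parts), 3) if parts else None


def is_allowlisted(value, kind, allowlist):
    """A URL is allowlisted when its host is; other observables match by value."""
    if kind == "url":
        return urlparse(value).hostname in allowlist
    return value in allowlist


def score_indicators(observables, intel, allowlist):
    """Normalized score per indicator; allowlisted and unknown observables are left out."""
    scores = {}
    for value, kind in observables.items():
        if is_allowlisted(value, kind, allowlist):
            continue
        entry = intel.get(value)
        if entry is None:
            continue  # no intelligence means unknown, not zero
        scores[value] = normalize(entry)
    return scores


def prioritize(scores):
    """Email priority from the worst indicator it contains (hypothetical thresholds)."""
    if not scores:
        return "none"
    top = max(scores.values())
    if top >= 0.8:
        return "high"
    if top >= 0.5:
        return "medium"
    return "low"


def update_detection_set(detection_set, scores, allowlist, threshold=0.7):
    """Drop allowlisted entries and add indicators scoring at or above the threshold."""
    updated = {v for v in detection_set if v not in allowlist}
    updated |= {v for v, s in scores.items() if s >= threshold}
    return updated


def triage(email_text, intel=INTEL, allowlist=ALLOWLIST):
    obs = extract_observables(email_text)
    scores = score_indicators(obs, intel, allowlist)
    return {"observables": obs, "scores": scores, "priority": prioritize(scores)}


if __name__ == "__main__":
    result = triage(SAMPLE_EMAIL)
    print(result["priority"], result["scores"])
    stale = {"old-bad.test", "www.example.com"}  # constructed detection set with a stale entry
    print(sorted(update_detection_set(stale, result["scores"], ALLOWLIST)))
```

Two design points carry over to a real playbook: an observable with no intelligence is treated as unknown rather than scored zero, so it cannot drag the email's priority down, and the whitelist is applied both before scoring and when the detection set is rebuilt, so a stale whitelisted entry is removed even if a feed still reports on it.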