Unified App: Use case - Splunk Intel Management (TruSTAR)
- Unified App: Use case - Splunk Intel Management (TruSTAR)
- Unified App: Initial configuration - Splunk Intel Management (TruSTAR)
- Unified App: Configure inputs - Splunk Intel Management (TruSTAR)
- Unified App: Validate download of indicators - Splunk Intel Management (TruSTAR)
- Unified App for ES: Enrich and submit notable events - Splunk Intel Management (TruSTAR)
Splunk Intel Management (Legacy) has reached end of sale. If you are an Splunk Enterprise Security customer interested in similar functionality through Splunk Threat Intelligence Management, see the following page: Using Threat Intelligence Management.
Learn how a Security Analyst working with Splunk Enterprise Security can use the TruSTAR Unified app to improve detection and triage.
Before you begin configuration of the Unified app, you will need to:
- Create an Indicator Prioritization Intelligence flow (or Intel Workflow) to prepare the data you want to download to Splunk Enterprise or Splunk Enterprise Security for threat hunting. Don't forget to save the API key-pair and enclave ID.
- (Optional) Create a service account that has permissions to read from all the enclaves that you want to use for download of observables or enrichment and that can write on the Enclave that you want to use to submit information from Splunk ES. Save the API Key-pair and Enclave IDs.
- Install the Unified App in your Splunk Enterprise or Splunk Enterprise Security instance. If you are a Splunk Cloud Platform customer, open a support ticket with Splunk for assistance.
- Once you have the details you need, follow the recommended configuration path and jump to the next step (initial configuration). Each step is explained with a short video.