Unified App: Validate download of indicators - Splunk Intel Management (TruSTAR)

Last updated
Save as PDF
Share
1. Share
2. Tweet
3. Share

In this video, we’ll show you how to validate that your Unified App has successfully downloaded observables that have been identified as potential Indicators of Compromise from Splunk Intel Management (Legacy) to Splunk Enterprise or Splunk Enterprise Security KV Stores.

Continue to the next section of the video path. Each step is explained in a short video:

Splunk Intel Management (TruSTAR) - Setting up the Unified App for Splunk ES

Pages: 5

Unified App: Use case - Splunk Intel Management (TruSTAR)
Learn how a Security Analyst working with Splunk Enterprise Security can use the Splunk Intelligence Management (TruSTAR) Unified app to improve detection and triage.
Unified App: Initial configuration - Splunk Intel Management (TruSTAR)
Learn about the initial configuration of the Splunk Intelligence Management Unified app for Splunk and Splunk Enterprise Security.
Unified App: Configure inputs - Splunk Intel Management (TruSTAR)
Learn about the configurations that control how indicators are downloaded into Splunk with Intelligence Management Unified App inputs.
Unified App: Validate download of indicators - Splunk Intel Management (TruSTAR)
Learn to validate that your Unified App has successfully downloaded observables from Intelligence Management to Splunk and Splunk Enterprise Security KV Stores.
Unified App for ES: Enrich and submit notable events - Splunk Intel Management (TruSTAR)
Learn to take advantage of the enrich and submit actions, as well as how a Notable Event urgency can be automatically updated based on your intelligence data.

Additional resources

Video Demo: Splunk Intelligence Management + Splunk Enterprise Security Overview and Demo
Docs: Unified App Installation Guide
Docs: Unified App User Guide
App: TruSTAR Unified

Previous step

Next step