As a feature of both Splunk Enterprise Security (ES) and Splunk Mission Control, Splunk Threat Intelligence Management enables analysts to fully investigate security events or suspicious activity by providing the relevant and normalized intelligence to better understand threat context and accelerate time to triage. Analysts can manage security events and leverage threat intelligence feeds directly within the interface of your choice, Splunk ES or Mission Control workspaces, without pivoting to other tools, thereby reducing time to investigate. This ensures informed, timely, and actionable intelligence across the SOC’s ecosystem of teams, tools, and partners.
Initial Splunk Threat Intelligence Management availability is limited to eligible AWS customers in select US regions only. Contact your Splunk team for more information.
If you are looking for information about the legacy Splunk Intelligence Management (TruSTAR) product, click on the corresponding tab, or try some of these resources.
- Getting started with Splunk Intelligence Management (TruSTAR)
- Splunk + TruSTAR blogs
- TruSTAR Support Documentation