Skip to main content
Registration for .conf24 is open! Join us June 11-14 in Las Vegas.
Splunk Lantern

Using Threat Intelligence Management


Splunk Threat Intelligence Management is currently available for ES Cloud customers. Contact your Splunk team for additional details.

Splunk Threat Intelligence Management is a cloud-native system that provides threat intelligence to Splunk Enterprise Security (Cloud) customers through Splunk Mission Control. With Splunk Threat Intelligence Management, you can detect and enrich incidents by correlating your internal data with external intelligence sources. 

The intelligence pipeline in Splunk Threat Intelligence Management extracts, normalizes, and enriches observables with the intelligence sources that you have access to, which transforms the observables into indicators. By providing curated lists of IOCs for threat matching to Splunk Enterprise Security (Cloud), Splunk Threat Intelligence Management acts as an aggregator and a filter to reduce alert volume.

Watch the following video to learn more or use the documentation links below to get started.

To get a Splunk Threat Intelligence Management tenant and to set up groups, users, and roles, you must be a Splunk Cloud Services admin.