Skip to main content
Do you build apps on Splunk or are a Splunk admin? If so, we want to hear from you. Help shape the future of Splunk and win a $35 gift card!
 
 
Splunk Lantern

Using Threat Intelligence Management

 

Splunk Threat Intelligence Management is currently available for ES Cloud customers. Contact your Splunk team for additional details.

Splunk Threat Intelligence Management is a cloud-native system that provides threat intelligence to Splunk Enterprise Security (Cloud) customers through Splunk Mission Control. With Splunk Threat Intelligence Management, you can detect and enrich incidents by correlating your internal data with external intelligence sources.

The intelligence pipeline in Splunk Threat Intelligence Management extracts, normalizes, and enriches observables with the intelligence sources that you have access to, which transforms the observables into indicators. By providing curated lists of IOCs for threat matching to Splunk Enterprise Security (Cloud), Splunk Threat Intelligence Management acts as an aggregator and a filter to reduce alert volume.

Watch the following video to learn more or use the documentation links below to get started.

To get a Splunk Threat Intelligence Management tenant and to set up groups, users, and roles, you must be a Splunk Cloud Services admin.