Using Threat Intelligence Management
Splunk Threat Intelligence Management is currently available for ES Cloud customers. Contact your Splunk team for additional details.
Splunk Threat Intelligence Management is a cloud-native system that provides threat intelligence to Splunk Enterprise Security (Cloud) customers through Splunk Mission Control. With Splunk Threat Intelligence Management, you can detect and enrich incidents by correlating your internal data with external intelligence sources.
The intelligence pipeline in Splunk Threat Intelligence Management extracts, normalizes, and enriches observables using the intelligence sources that you have access to, transforming the observables into indicators. By providing Splunk Enterprise Security (Cloud) with curated lists of indicators of compromise (IOCs) for threat matching, Splunk Threat Intelligence Management acts as both an aggregator and a filter, which reduces alert volume.
Watch the following video to learn more or use the documentation links below to get started.
To get a Splunk Threat Intelligence Management tenant and to set up groups, users, and roles, you must be a Splunk Cloud Services admin.
Additional resources
- Splunk Docs: Access Threat Intelligence Management in Splunk Mission Control
- Splunk Docs: Investigate observables in Splunk Mission Control
- Splunk Blog: Splunk Threat Intelligence Management