Splunk Lantern

Using Threat Intelligence Management


Initial Splunk Threat Intelligence Management availability is limited to eligible AWS customers in select US regions only. Contact your Splunk team for more information.

Splunk Threat Intelligence Management is a cloud-native system that provides threat intelligence to Splunk Enterprise Security (Cloud) customers through Splunk Mission Control. With Splunk Threat Intelligence Management, you can detect and enrich incidents by correlating your internal data with external intelligence sources. 

The intelligence pipeline in Splunk Threat Intelligence Management extracts, normalizes, and enriches observables using the intelligence sources that you have access to, transforming those observables into indicators. By providing curated lists of indicators of compromise (IOCs) to Splunk Enterprise Security (Cloud) for threat matching, Splunk Threat Intelligence Management acts as an aggregator and a filter to reduce alert volume.

Watch the following video to learn more or use the documentation links below to get started.

To get a Splunk Threat Intelligence Management tenant and to set up groups, users, and roles, you must be a Splunk Cloud Services admin.