Integrated Intelligence Enrichment With Threat Intelligence Management

By Olivia Henderson

SOC analysts are overwhelmed with alerts and manual repetitive tasks that negatively impact their ability to conduct and prioritize investigations of critical events. They don’t have the time, or bandwidth, to sift through data feeds or sources to identify and synthesize intelligence related to an incident. It’s critical that analysts have seamless access to associated intelligence in order to have an objective view into critical events, and a comprehensive understanding into the potential risk to the enterprise.

Today, we are excited to announce the release of Threat Intelligence Management!* As a feature of both Splunk Enterprise Security (ES) and Splunk Mission Control, Threat Intelligence Management enables analysts to fully investigate security events or suspicious activity by providing the relevant and normalized intelligence to better understand threat context and accelerate time to triage.

This feature supports the SOC by reducing the number of alerts to investigate by filtering out the intelligence that is not relevant to the organization, allowing you to monitor only for intelligence related to specific use cases. By synthesizing intelligence into a single, normalized view, we're making it even easier for analysts to understand threat context and take action.

Monitor Against Curated IOC Lists to Reduce Alert Volume and Detect Faster

Threat Intelligence Management enables analysts to create indicator of compromise (IOC) threat lists for Enterprise Security in order to receive relevant alerts that align to specific detection use cases. Analysts reduce alert-fatigue by detecting IOCs relevant to their environment and access pertinent intelligence.

Access Integrated Intelligence within Incidents to Reduce Time to Investigate

Threat Intelligence Management integrates directly with Splunk Mission Control’s incident framework which enables analysts to detect sophisticated threats and reduce alert fatigue. Having Threat Intelligence Management integrated into Mission Control incidents provides analysts with an integrated intelligence solution to support investigation of critical events.

Ready to learn more? Check out the Splunk Enterprise Security or Mission Control Product Tours!

_{*Initial availability to eligible AWS customers in select US regions only}

Olivia Henderson

Olivia leads product marketing for Splunk® Enterprise Security. She brings to Splunk over 5 years of product marketing experience within the cyber intelligence industry, leading go-to-market strategies for products, services, and data integrations. Previously she worked as an intelligence analyst for a cyber threat intelligence managed service, focusing on Latin America, conducting research and analysis of emerging threats within the region. She holds a Bachelor of Science in Foreign Service (BSFS) in International Politics with a concentration in International Security from Edmund A. Walsh School of Foreign Service, Georgetown University and a Master of Professional Studies (MPS) in Integrated Marketing and Communications from the School of Continuing Studies, Georgetown University.

Security 3 Min Read

Staff Picks for Splunk Security Reading May 2023

Welcome to the Splunk staff picks, featuring a curated list of presentations, whitepapers, and customer case studies that our Splunk security experts feel are worth a read.

Security 8 Min Read

Elevating Security: The Growing Importance of Open Cybersecurity Schema Framework (OCSF)

Splunker Paul Agbabian shares what's new in the Open Cybersecurity Schema Framework (OCSF) and how profiles can augment the natural structure of event classes and categories.

Security 2 Min Read

Splunk Named #1 SIEM Provider in the 2022 IDC Market Share for SIEM for 3rd Time in a Row

Splunk has been named as the #1 SIEM provider in the 2022 IDC Market Share for SIEM for the third time in a row.

About Splunk

The world’s leading organizations rely on Splunk, a Cisco company, to continuously strengthen digital resilience with our unified security and observability platform, powered by industry-leading AI.

Our customers trust Splunk’s award-winning security and observability solutions to secure and improve the reliability of their complex digital environments, at any scale.