Integrated Intelligence Enrichment With Threat Intelligence Management

SOC analysts are overwhelmed with alerts and manual repetitive tasks that negatively impact their ability to conduct and prioritize investigations of critical events. They don’t have the time, or bandwidth, to sift through data feeds or sources to identify and synthesize intelligence related to an incident. It’s critical that analysts have seamless access to associated intelligence in order to have an objective view into critical events, and a comprehensive understanding into the potential risk to the enterprise.

Today, we are excited to announce the release of Threat Intelligence Management!* As a feature of both Splunk Enterprise Security (ES) and Splunk Mission Control, Threat Intelligence Management enables analysts to fully investigate security events or suspicious activity by providing the relevant and normalized intelligence to better understand threat context and accelerate time to triage.

This feature supports the SOC by reducing the number of alerts to investigate by filtering out the intelligence that is not relevant to the organization, allowing you to monitor only for intelligence related to specific use cases. By synthesizing intelligence into a single, normalized view, we're making it even easier for analysts to understand threat context and take action.

Monitor Against Curated IOC Lists to Reduce Alert Volume and Detect Faster

Threat Intelligence Management enables analysts to create indicator of compromise (IOC) threat lists for Enterprise Security in order to receive relevant alerts that align to specific detection use cases. Analysts reduce alert-fatigue by detecting IOCs relevant to their environment and access pertinent intelligence.

Access Integrated Intelligence within Incidents to Reduce Time to Investigate

Threat Intelligence Management integrates directly with Splunk Mission Control’s incident framework which enables analysts to detect sophisticated threats and reduce alert fatigue. Having Threat Intelligence Management integrated into Mission Control incidents provides analysts with an integrated intelligence solution to support investigation of critical events.

Ready to learn more? Check out the Splunk Enterprise Security or Mission Control Product Tours!

*Initial availability to eligible AWS customers in select US regions only

/en_us/blog/fragments/digital-resilience-pays-off
Style
two-column

Related Articles

Splunk Enterprise Security 8.0 and Splunk SOAR 6.3 Unify and Automate TDIR Workflows within the Market-Leading SIEM
Security
4 Minute Read

Splunk Enterprise Security 8.0 and Splunk SOAR 6.3 Unify and Automate TDIR Workflows within the Market-Leading SIEM

Patriz Regalado explains how Splunk Enterprise Security is now natively integrated with automation capabilities from Splunk SOAR.
Automating With Splunk Phantom: How Norlys Does It
Security
2 Minute Read

Automating With Splunk Phantom: How Norlys Does It

Learn why Denmark’s largest power, utility and telecommunications company turned to Splunk Phantom, Splunk’s security orchestration, automation and response (SOAR) technology, to automate manual workflows, repetitive tasks and difficult-to-maintain processes.
MSHTA and MSBuild Cat Jam: Threat Research Release January 2021
Security
4 Minute Read

MSHTA and MSBuild Cat Jam: Threat Research Release January 2021

Splunk's Security Research team was busy this past quarter generating attack data for 80% of all our detections. A step forward in validating and testing our security content and ensuring we can continually test detections via continuous integration and continuous delivery (CI/CD).
/en_us/blog/fragments/about-splunk
/en_us/blog/fragments/subscribe-footer