Skip to main content
Introducing Polarity Intel Edition: Streamlining Intel Distribution for SecOps
Polarity Intel Edition
Request a Demo

Playbook Fridays: New ThreatConnect App for Splunk 3.1

Splunk Users Can Now Launch Playbooks Directly from Splunk With ThreatConnect App Updates

Earlier this week, the latest ThreatConnect App for Splunk (v3.1) was released to Splunkbase. This release for Splunk is all about taking action and enabling our customers to fully leverage the power of the ThreatConnect Platform while working directly inside Splunk or Splunk Enterprise Security. This is a big release for us, and one in which Splunk users will see a lot of benefit.

Launch Playbooks Directly from Splunk
The ThreatConnect App for Splunk has always provided Splunk users the ability to leverage customizable threat intelligence integrated into Splunk from their ThreatConnect accounts. Now, as seen in Figure 1 below, you can launch ThreatConnect Playbooks directly from the Splunk interface.

Figure 1: Launch a ThreatConnect Playbook directly from the Splunk interface

 

Manage Downloading and Configuration of Playbook Workflow Actions
Directly from the ThreatConnect App Dashboard, you’ll now see a Playbooks option in the navigation (Figure 2). This is where you can manage the downloading and configuration of Playbooks from ThreatConnect, and the configuration of Playbook Workflow Actions all without worrying about logging into a separate Platform or interface.

Figure 2: ThreatConnect Dashboard view from within Splunk

 

Make Faster Decisions with Automation and Orchestration
What’s this mean? Well, now Playbook Actions can be leveraged right from the Event Triage Dashboard, as part of Enterprise Security Adaptive Response, and as a part of Workflow Actions on Events. Integrate threat intelligence into response efforts while tying your technologies together to orchestrate decision making based on Events happening in Splunk.

For more information, reach out to sales@threatconnect.com for a demo. If you’re a current customer, please reach out to your designated Customer Success team for details.

About the Author

ThreatConnect

By operationalizing threat and cyber risk intelligence, The ThreatConnect Platform changes the security operations battlefield, giving your team the advantage over the attackers. It enables you to maximize the efficacy and value of your threat intelligence and human knowledge, leveraging the native machine intelligence in the ThreatConnect Platform. Your team will maximize their impact, efficiency, and collaboration to become a proactive force in protecting the enterprise. Learn more at www.threatconnect.com.