Users Can Now Report Observations and False Positives Back to ThreatConnect Directly from Splunk Solutions
Today, ThreatConnect®, creator of the most widely adopted Threat Intelligence Platform (TIP), announces the availability of its new, enhanced ThreatConnect App for Splunk. Offering new bi-directional workflows, the application allows analysts to send indicators and alerts from notable events back into the ThreatConnect Platform for additional analysis and faster information sharing. By leveraging Splunk solutions to correlate data shared in ThreatConnect communities and threat feeds, users can reduce false positives by applying accurate, timely, and tailored threat intelligence.
The ThreatConnect App for Splunk was developed for mutual customers and in combination with Splunk’s Adaptive Response Initiative in order to better share indicators across the broader security ecosystem. This empowers security teams to be more effective and efficient, elevating the value of a collaborative approach to threat analysis.
Andy Pendergast, ThreatConnect’s VP of Product, commented, “We’re doing two big things with the ThreatConnect App for Splunk. First, analysts need a better way to prioritize alerts from external sources based on relevance and confidence, and the decision makers in the organization need a way to see what sources are returning the most value. With the ThreatConnect App for Splunk, analysts will be able to quickly and efficiently determine which indicators are more relevant and accurate, flag false positives and clearly see their return on investment in threat intelligence. Next, we’ve completed the feedback loop of intelligence between ThreatConnect and Splunk solutions. Now users can send indicators from notable events in Splunk solutions to ThreatConnect, effectively creating new intelligence for further investigation or sharing.”
Key features of the enhanced ThreatConnect App for Splunk:
- Bi-directional flow of threat intelligence data for additional enrichment, correlation and analysis.
- Analysts are now able to report false positives directly from Splunk Solutions.
- Operationalize intelligence of a threat with complete Diamond Model representations and matches from your environment on a single dashboard.
- Threat intelligence collection platform incorporating information from open source, commercial, communities, and internal research.
- Aggregated threat feeds to derive weighted confidence levels to trigger Splunk alerts.
- Prioritized events based on criticality and confidence scores, relationships to known threat types and groups, past incidents, and tags.
- Dashboards illustrating matches from indicators organized by indicator type, criticality, associations, and other criteria.
At RSA? Visit us at the Splunk booth (S2620) during office hours (T: 3:30-4:30; W: 1:00-2:00; Th: 1:15-1:45) for an app demo as part of Splunk’s Adaptive Response Initiative. Or sign up for a personal demo at the ThreatConnect booth (N3027).
About ThreatConnect, Inc.
ThreatConnect, Inc. provides industry-leading advanced threat intelligence software and services including ThreatConnect®, the most widely adopted Threat Intelligence Platform (TIP) on the market. ThreatConnect delivers a single platform in the cloud and on-premises to effectively aggregate, analyze, and act to counter sophisticated cyber-attacks. Leveraging advanced analytic and workflow capabilities, ThreatConnect offers a superior understanding of relevant cyber threats to business operations. To learn more about ThreatConnect, visit: www.threatconnect.com.
About Splunk Inc.
Splunk Inc. (NASDAQ: SPLK) is the market-leading platform that powers Operational Intelligence. We pioneer innovative, disruptive solutions that make machine data accessible, usable and valuable to everyone. More than 11,000 customers in over 110 countries use Splunk software and cloud services to make business, government and education more efficient, secure and profitable. Join hundreds of thousands of passionate users by trying Splunk solutions for free: https://www.splunk.com/en_us/download.html?301=/free-trials
Splunk>, Listen to Your Data, The Engine for Machine Data, Hunk, Splunk Cloud, Splunk Light, SPL and Splunk MINT are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © 2016 Splunk Inc. All rights reserved.