The ThreatConnect App for Splunk Enterprise integrates ThreatConnect and Splunk: threat intelligence sourced from ThreatConnect communities and feeds is matched against the logs and other machine data from a network within Splunk Enterprise, and alerts are raised on the matches. The app can now report observations back to ThreatConnect, and analysts can now report false positives directly from Splunk.
With ThreatConnect, our users are able to:
- Apply tailored, relevant threat intelligence to their existing infrastructure
- Enrich and take action on their intel automatically
- Receive alerts to block cyber criminals and respond to incidents
- Reduce false positives and threat-response time
- Correlate strategic and tactical threat intelligence to drive their security with actionable machine-readable data
- Collect and share threat intelligence data from trusted communities