Splunk Enterprise Security
Splunk Enterprise Security (Splunk ES) is a security information and event management (SIEM) solution that enables security teams to quickly detect and respond to internal and external attacks, to simplify threat management while minimizing risk, and safeguard your business.
This integration is using Splunk’s Threat Intelligence framework which is a mechanism for consuming and managing external Threat Intelligence, detecting threats, and alerting.
This integrations will allow to automatically crosscheck all the log sources already onboarded into the Splunk Enterprise Security instance against Maltiverse Threat Intelligence feeds for IP, Hostnames, URL’s and file Hashes related fields. That will automatically trigger new Alerts in Splunk pointing out to possible Security Incidents.