ThreatStream Splunk App

The ThreatStream Splunk App by ThreatStream seamlessly automates the integration of threat intelligence into Splunk.
The primary goal of this application is to add threat intelligence context to existing customer event data based on common industry accepted Indicators of Compromise (IOC) keys such as file hash, domain, src/dest ip address, e-mail address, etc.

Release Notes

The ThreatStream Splunk App provides the following:

  • Threat Intelligence context to your event data based on known Indicators of Compromise (IOCs).

  • An initial DB populated with a subset of our Threat Intelligence. Register for a free test-flight account with access to all of our Threat Intelligence.

  • Automated creation of Triggered Alerts based on indicator type.

  • Dashboards that detail local event data associated with known IOCs.

  • Dashboards providing a high level breakout of the ThreatStream Intelligence data within the local database.

  • Integration with the ThreatStream Optic platform for automatic updates of the Threat Intelligence collection.

Get Started:

After you have installed the ThreatStream App for Splunk, register to receive current and real-time threat intelligence updates:



ThreatStream offers a SaaS-based cyber security threat intelligence platform. ThreatStream OPTIC© platform is the first ever community-vetted cyber security intelligence solution that aggregates millions of threat indicators from around the internet and integrates them directly to an organization's existing security infrastructure. ThreatStream provides enterprise and government organizations visibility into newly discovered security threats so they can proactively defend against malicious attacks.

This version of ThreatStream App contains a small DB sampling of the overall ThreatStream Intelligence feed and a limited set of dashboards. This sampling of content keeps the app distribution size manageable and provides means to explore the app. If you would like to explore the full functionality of ThreatStream offerings please do contact us or follow the quick registration process described above.

The ThreatStream App for Splunk provides Dashboards, an event viewer, and real-time alerts that highlight existing Splunk event data by performing lookups against the locally installed ThreatStream IOC collection. The event fields that are being used as lookup keys are assumed to be compliant with Splunk's Common Information Model (CIM). If you would like more information on the OPTIC platform or have feedback we are happy to hear from you.


When running on the Windows platform, you will need to install a standalone version of python (version 2.7 or 3.3). The version of python that ships with splunk does not contain the modules required by this app.


We value your feedback and will continue to update this app on a regular basis. Please send comments, requests, or feedback to <>.


10 ratings

Version 3.3.10

Developer Supported

Contact Developer

Built by Anomali Team