Cyber4Sight® for Splunk integrates the threat intelligence content generated by Booz Allen’s Cyber4Sight® Managed Security Service within our Threat Defense Operations Best Practices into Splunk Enterprise Security.
Cyber4Sight® for Splunk increases the time-to-value for Splunk customers to quickly and easily integrate cyber threat intelligence into their environment. Leveraging Splunk’s Adaptive Response Framework and Booz Allen’s rich threat data, full context, and human-readable reports, this app automatically correlates data and events in Splunk ES to operationalize intelligence for security use cases.
This capability helps existing Splunk ES customers enhance functionality of the platform without having to separately or manually procure and integrate external threat intel capabilities. It helps prospective Splunk ES customers increase their ROI.
Cyber4Sight® is a mission-focused intelligence monitoring service, providing actionable analysis across the full spectrum of cyber threats and the unique motivations behind them. We go beyond arbitrary risk scores with threat actor-centric context, connecting indicators to the actor and the intent behind the threat. This comprehensive picture is analyzed and curated by a team of intelligence analysts, technical experts (SOC, incident response, computer forensics, and malware reverse engineers), journalists, linguists, academics, anti-fraud investigators, registered private investigators, and former law-enforcement professionals. Our next-gen collection platform pulls from over 170,000 targeted sources of intelligence across the open and closed Internet to provide strategic and tactical insight for combatting cyber-crime, targeted attacks and hacktivism. Our sources range from social media, closed forums, security research communities, IRC channels, vendor feeds, P2P monitoring and paste sites, to over 400 deep and dark web forums and marketplaces.
Cyber4Sight® for Splunk and Splunk Enterprise Security 4.5.0 use the same framework and share certain components so that they work together without duplicating efforts.
If you have questions about Cyber4Sight® for Splunk, file a case using the Splunk Support Portal.
If your Splunk deployment is large or complex, talk to a member of the Splunk Professional Services team to assist you in deploying the Splunk App for PCI Compliance.
Installation follows the standard Splunk app install process. For more information, please refer to the Splunk documentation. Note: The Cyber4Sight Add-on for Splunk must be installed before downloading this app.