icon/x Created with Sketch.

Splunk Cookie Policy

We use our own and third-party cookies to provide you with a great online experience. We also use these cookies to improve our products and services, support our marketing campaigns, and advertise to you on our website and other websites. Some cookies may continue to collect information after you have left our website. Learn more (including how to update your settings) here.
Accept Cookie Policy

Accept License Agreements

This app is provided by a third party and your right to use the app is in accordance with the license provided by that third-party licensor. Splunk is not responsible for any third-party apps and does not provide any warranty or support. If you have any questions, complaints or claims with respect to this app, please contact the licensor directly.

Thank You

Downloading Anomali ThreatStream App for Splunk
SHA256 checksum (anomali-threatstream-app-for-splunk_653.tgz) 751b10a2e27413c9bf39cfb4c4521cbb8b97d1457373de85790066d637c87777 SHA256 checksum (anomali-threatstream-app-for-splunk_652.tgz) bb3435dee7d47d1396a3169633cdd910fbb7d1b6c61cb86c363c09427bcef7ad SHA256 checksum (anomali-threatstream-app-for-splunk_642.tgz) 159bb361fbff783ef1f1a27759897c5b584ce0f1207284354797d30b017c7d26
To install your download
For instructions specific to your download, click the Details tab after closing this window.

Flag As Inappropriate

splunk

Anomali ThreatStream App for Splunk

Splunk Cloud
Overview
Details
Anomali ThreatStream App for Splunk empowers Splunk users to leverage threat intelligence to detect, prioritize, and response to security incidents. It provides Splunk users with threat data collected and curated from industry leading threat intelligence platform ThreatStream to correlate with your log data in Splunk, detect malicious activities in incoming and outgoing traffic, alert security teams, and provide you with detailed contextual information from a variety of threat sources (open source, commercial, Anomali Labs, customer internal, etc.).

Moreover, the app has built-in Splunk Adaptive Response actions, automating security and threat investigation workflow to reduce investigation time and enable a rapid, decisive response.

To get started:

1. Download and read the ThreatStream Splunk App User Guide from the ThreatStream Downloads Page
1. Download the app and install on your Splunk Enterprise Search Head
2. Setup the App

To obtain access to this app on Splunkbase, please reach out to your account manager and/or Anomali Customer Support. We recommend that customers using Splunk Cloud do this before attempting to install the App on their Cloud instance. When installing the Anomali ThreatStream App for Splunk onto a Cloud instance, please raise a Cloud support ticket asking to install from Splunkbase

Overview:

Anomali ThreatStream App for Splunk empowers Splunk users to leverage threat intelligence to detect, prioritize, and response to security incidents. It provides Splunk users with threat data collected and curated from industry leading threat intelligence platform ThreatStream to correlate with your log data in Splunk, detect malicious activities in incoming and outgoing traffic, alert security teams, and provide you with detailed contextual information from a variety of threat sources (open source, commercial, Anomali Labs, customer internal, etc.). Moreover, the App has built-in Splunk Adaptive Response actions, automating security and threat investigation workflow to reduce investigation time and enable a rapid, decisive response.

Features:

  • Interaction with the ThreatStream platform for automatic threat data updates
  • Dashboards detailing event data associated with the known indicators of comprise (IOCs)
  • Intuitive visualization tools for rapid detection and prioritization of security incidents
  • Automatic alerting on critical indicator matches
  • Adaptive Response actions automating the security and threat investigation workflow

Prerequisites:

  • Linux or Windows Operating System
  • ThreatStream account
  • An internet connection from your Splunk Enterprise instance to access threat data from ThreatStream, or a connection to an Anomali Integrator instance

Install:

  • Login to Splunk as an admin.
  • Go to Apps->Manage apps
  • Click Install app from file.
  • Browse to the file folder with the app .tar.gz file.
  • Choose the file and click OK.
  • After the app is uploaded and installed, restart Splunk.

Distributed Setup:

The ThreatStream App for Splunk should only be installed on Splunk Enterprise Search Heads. An index entry will need to be created on a Splunk Indexer Cluster for the threatstream_summary index.

Upgrading to v6.4.1:

Due to changes in the way that we process macros, an additional upgrade step is required for all Splunk App installations upgrading to this version.

  • Backup the currently installed app local folder
  • Install the App via the UI or through the file system
  • Remove the local/macros.conf file
  • Re-instate the definitions for the ts_drilldown_filter macro and ts_index_filter macro

Full documentation can be found on the Downloads page within ThreatStream

Release Notes

Version 6.5.3
Feb. 22, 2021

Added validation to prevent IOCs from being dropped due to excessive tag length

Version 6.5.2
Dec. 1, 2020

Performance Improvements in the ThreatModel download

Version 6.4.2
April 20, 2020

Fixed mvexpand issues resulting in lack of event fields
Streamlined matching and matching display searches
Fixed domain matching search missing action

396
Installs
1,853
Downloads
Share Subscribe LOGIN TO DOWNLOAD

Subscribe Share

Are you a developer?

As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps and add-ons from Splunk, our partners and our community. Find an app or add-on for most any data source and user need, or simply create your own with help from our developer portal.

Follow Us:
Splunk, Splunk>,Turn Data Into Doing, Data-to-Everything, and D2E are trademarks or registered trademarks of Splunk Inc. in the United States and other countries. All other brand names,product names,or trademarks belong to their respective owners.