The Anomali ThreatStream App for Splunk lets Splunk users apply threat intelligence to detect, prioritize, and respond to security incidents. It delivers threat data collected and curated by the ThreatStream threat intelligence platform so you can correlate it with the log data already in Splunk, detect malicious activity in inbound and outbound traffic, alert security teams, and obtain detailed contextual information drawn from a variety of threat sources (open source, commercial, Anomali Labs, customer internal, etc.). The App also ships with built-in Splunk Adaptive Response actions that automate security and threat-investigation workflows, shortening investigation time and enabling a rapid, decisive response.
The ThreatStream App for Splunk should only be installed on Splunk Enterprise Search Heads. An index entry will need to be created on a Splunk Indexer Cluster for the
Due to changes in the way that we process macros, an additional upgrade step is required for all Splunk App installations upgrading to this version.
Full documentation can be found on the Downloads page within ThreatStream
Added validation to prevent IOCs from being dropped due to excessive tag length
Performance Improvements in the ThreatModel download
Fixed mvexpand issues that caused event fields to be missing
Streamlined matching and matching display searches
Fixed domain matching search missing action
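As an added illustration (not the Anomali app's code; the app's own searches, macros and lookups are not shown on this page), the following Python models the correlation step the description above refers to: a constructed indicator feed is matched against constructed proxy events, multivalue destination fields are expanded mvexpand-style with every other event field preserved (the failure mode the mvexpand fix in the release notes concerns), domains are matched on label boundaries rather than by substring, and indicators with over-long tags are kept with the tag trimmed rather than dropped. MAX_TAG_LEN, the field names, the itype labels and all sample data are assumptions made for the example.

```python
"""Illustrative threat-intel correlation against log events (added example,
not the Anomali ThreatStream App's code). All feed and event data is constructed."""
import ipaddress
from typing import Iterator

MAX_TAG_LEN = 64  # assumed limit for this example; the app's actual limit is not stated

# Constructed indicator feed (not ThreatStream data). itype/confidence/tags stand in
# for the context a threat-intelligence platform attaches to each indicator.
RAW_INDICATORS = [
    {"value": "evil.example", "itype": "mal_domain", "confidence": 90, "tags": ["phishing"]},
    {"value": "198.51.100.23", "itype": "c2_ip", "confidence": 75, "tags": ["botnet", "x" * 200]},
    {"value": "203.0.113.0/24", "itype": "scan_ip", "confidence": 40, "tags": ["scanner"]},
]

# Constructed proxy/firewall events. "dest" is multivalued, like a Splunk
# multivalue field that mvexpand splits into one event per value.
EVENTS = [
    {"_time": "2024-01-01T10:00:00Z", "src": "10.0.0.5",
     "dest": ["cdn.example.net", "Login.EVIL.example."]},
    {"_time": "2024-01-01T10:00:05Z", "src": "10.0.0.6", "dest": ["198.51.100.23"]},
    {"_time": "2024-01-01T10:00:09Z", "src": "203.0.113.77", "dest": ["intranet.corp.local"]},
    {"_time": "2024-01-01T10:00:12Z", "src": "10.0.0.7", "dest": ["evil.example.com"]},
]


def load_indicators(raw: list) -> list:
    """Keep every IOC; trim over-long tags instead of discarding the whole indicator."""
    return [{**ind, "tags": [t[:MAX_TAG_LEN] for t in ind.get("tags", [])]} for ind in raw]


def normalize_domain(name: str) -> str:
    """Lower-case and drop a trailing dot: 'Login.EVIL.example.' -> 'login.evil.example'."""
    return name.strip().lower().rstrip(".")


def as_ip(value: str):
    try:
        return ipaddress.ip_address(value.strip())
    except ValueError:
        return None


def as_network(value: str):
    try:
        return ipaddress.ip_network(value.strip(), strict=False)  # "198.51.100.23" -> /32
    except ValueError:
        return None


def indicator_matches(indicator: dict, observed: str) -> bool:
    """IP/CIDR indicators match by containment. Domain indicators match exactly or as a
    parent domain on a label boundary: 'evil.example' hits 'login.evil.example' but not
    'evil.example.com', where a bare substring test would raise a false positive."""
    net = as_network(indicator["value"])
    if net is not None:
        ip = as_ip(observed)
        return ip is not None and ip.version == net.version and ip in net
    ind = normalize_domain(indicator["value"])
    obs = normalize_domain(observed)
    return obs == ind or obs.endswith("." + ind)


def expand_multivalue(event: dict, fld: str) -> Iterator[dict]:
    """mvexpand equivalent: one event per value of `fld`, every other field preserved."""
    values = event.get(fld, [])
    for v in values if isinstance(values, list) else [values]:
        yield {**event, fld: v}


def match_events(events: list, indicators: list, fields=("src", "dest"),
                 min_confidence: int = 0) -> list:
    """Correlate each candidate field of each event with the feed and return the
    matching events enriched with indicator context; low-confidence IOCs can be skipped."""
    matches = []
    for event in events:
        for fld in fields:
            for row in expand_multivalue(event, fld):
                for ind in indicators:
                    if ind["confidence"] >= min_confidence and indicator_matches(ind, row[fld]):
                        matches.append({**row, "match_field": fld, "indicator": ind["value"],
                                        "itype": ind["itype"], "confidence": ind["confidence"],
                                        "tags": ind["tags"]})
    return matches


if __name__ == "__main__":
    for m in match_events(EVENTS, load_indicators(RAW_INDICATORS), min_confidence=50):
        print(m["_time"], m["match_field"], m[m["match_field"]], "->", m["indicator"], m["itype"])
```

The two ordering traps the example makes visible are the ones a Splunk correlation search has to get right as well: expand multivalue fields before matching, carrying the remaining event fields along so the alert still tells you who talked to the indicator, and match domains on label boundaries rather than by substring so a parent-domain indicator does not fire on an unrelated longer name.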