MD5 checksums for the Advanced Threat Analytics Security Operations Add-on download:

  • advanced-threat-analytics-security-operations-add-on_101.tgz: 36f59f92073f8d2dbe1dc7db30fbc4d7
  • advanced-threat-analytics-security-operations-add-on_100.tgz: e21fbfe7886f953644cf2c8bc63134a2
Advanced Threat Analytics Security Operations Add-on

The Advanced Threat Analytics Security Operations add-on allows Splunk to send security events, alerts, and logs to the Advanced Threat Analytics Platform.

The Advanced Threat Analytics Platform (ATAP) uses an Alert Classification Engine (ACE) that allows Splunk users to send hundreds of thousands of notifications and/or security events from Splunk to ATAP for automated analysis and tuning. ATAP increases the efficiency of Security Operations Center Analysts by reducing the number of security events that require investigation.

This add-on allows Splunk to send data to the Advanced Threat Analytics Platform as an alert action.

Documentation is also available here.


Before performing Splunk integration setup procedures, ensure that you have the integration information from ATA for your specific user:

  • Unique organization ID
  • Authorization token


  1. Download the Advanced Threat Analytics Security Operations application from Splunkbase.
  2. In Splunk, click either the Apps gear icon or the Manage Apps shortcut menu item.
  3. Click Install app from file.
  4. Click Choose File, select ataportal_app.spl, and click Upload.
  5. Click the Set up now button to configure the app for your organization. You MUST be a customer of ATA or an MSSP that leverages the ATA Platform.
  6. Provide the Advanced Threat Analytics Server URL, Authorization Token, and your Customer ID (unique Organization ID).

Once saved, the Advanced Threat Analytics Security Operations add-on for Splunk is installed and ready to be set up.


Within any alert, you can specify security events to be sent to the ATA Platform when the alert is fired.
Open or create your alert, select Add Actions, select the ATA IR Portal Alert Action dropdown, and fill in the alert dialog box.

After adding the action, you can add further fields that are customized on a per-alert basis. These fields are optional and are listed below. Any of these fields that are sent, with the exception of Title and Event Grouping, can be used for searching and filtering on the ATA IR Portal.

  • Title – overrides the default Incident Title that’s created by the ATA IR Portal
  • Event Grouping – how the ATA Portal will group events. This should be one of the fields present in the log event. Leave blank to use the ATA Portal default (hostname or IP address).
  • Category – category of the security event sent
  • Priority – priority of the security event sent
  • Type – type of the security event sent


For app support please contact

Release Notes

Version 1.0.1
April 26, 2017

Add app icons / logos

Version 1.0.0
April 19, 2017

Initial Release

