Turn Splunk into a threat hunting platform. Connect Splunk to 1000s of threat intelligence sources in seconds.
The ThreatPipes App for Splunk provides a way of consuming indicators of compromise (IOCs) from any threat intelligence feed using ThreatPipes, including open-source, commercial and custom intelligence sources.
Leverage the indicators to identify and block threats using the automated saved searches in the app.
Please note that the ThreatPipes App for Splunk only works on Linux systems at this time.
ThreatPipes App for Splunk can be found on Splunkbase. Once downloaded, install the app as you would any other Splunk app.
ThreatPipes App for Splunk is supported in Splunk Search Head Clusters.
ThreatPipes App for Splunk does not impact your Splunk license. IOCs are stored directly in Splunk KVStores (out of the scope of Splunk licensing).
To add a ThreatPipes input, first add your ThreatPipes server details:
Configuration > Accounts > Add
Then create a new threat intelligence input:
Inputs > Create new input