Flashpoint’s technical data and intelligence reports give Splunk users visibility into illicit online communities, so they can correlate that information with their own infrastructure, gain insights in a timely manner, and use those connections to prioritize their response. The Flashpoint Splunk App and Add-on enable Flashpoint data to be seamlessly integrated into customers’ Splunk instances in order to automatically alert customers when a match has been made between indicators from internal log data and Flashpoint intelligence.

Integrated Flashpoint Datasets:
- Technical Indicators: Gives users access to indicators of compromise (IOCs) and technical data across Flashpoint datasets, including those found in Flashpoint Finished Intelligence Reports, allowing for seamless integration into users’ workflows and automated tools.
- Finished Intelligence: Access to analytical reports produced by our intelligence analysts. Reports cover a wide spectrum of illicit underground activity, including crimeware, fraud, emerging malware, violent extremism, and physical threats.

Flashpoint CVEs Dataset:
- CVEs: Access to the latest CVEs within the Flashpoint collection, including access to MITRE and NVD data, as well as CVEs discussed by threat actors as observed by Flashpoint Intelligence Analysts.

Key Features:
- Captures, indexes, and correlates Flashpoint technical data in real time within Splunk’s searchable repository
- Enables users to generate reports and visualizations, including graphs, alerts, and dashboards
- Collects integrated data using Flashpoint’s REST-based API
- Includes IOCs such as hashes, URLs, and domains, as well as details related to malware families, mapped to the MITRE ATT&CK framework
- Provides access to pre-built dashboards with associated Flashpoint data
- Lets users view new CVEs and see which products they affect, which CVEs are being discussed by malicious actors, and which CVEs have active exploits

About Flashpoint

Flashpoint delivers converged intelligence and risk solutions to private and public sector organizations worldwide. As the global leader in Business Risk Intelligence (BRI), Flashpoint provides meaningful intelligence to assist organizations in combating threats and adversaries. Through sophisticated technology, advanced data collections, and human-powered analysis, Flashpoint is the only intelligence firm that can help multiple teams across an organization bolster cybersecurity, confront fraud, detect insider threats, enhance corporate and physical security, improve executive protection, address third-party risk, and support due diligence efforts. For more information, visit https://www.flashpoint-intel.com/ or follow us on Twitter at @FlashpointIntel.