TruSTAR App for Enterprise Security

Ingest pre-filtered Internal data, OSINT and Premium Intelligence feeds from your TruSTAR enclaves into Splunk ES Threat-Intel KV stores where Splunk ES Threat-Gen and Correlation Searches can use them to alert against your internal log events. Enrich and Prioritize your Splunk ES Notable Events based on context from your intelligence sources, TruSTAR's automated or on-demand enrichment adaptive response action allows users to view the pass-through scores from their premium intelligence feeds to help them prioritize their notable events. Submit events to TruSTAR for IOC extraction/identification and enrichment. THIS APP SHOULD BE INSTALLED ON SEARCH HEADS THAT ALREADY HAVE THE ENTERPRISE SECURITY APP. THIS APP CANNOT BE INSTALLED ON HEAVY-FORWARDERS. SplunkCloud users will need to specifically request that SplunkCloud allow modinputs to run on their SplunkCloud ES instances. If running an Enterprise Security SHC, this app must reside on the cluster captain. Ingestion will not happen on any other node. Any node that has this app will be able to use its adaptive response actions.