Warning

This app is archived.

TruSTAR App for Enterprise Security

Ingest pre-filtered Internal data, OSINT and Premium Intelligence feeds from your TruSTAR enclaves into Splunk ES Threat-Intel KV stores where Splunk ES Threat-Gen and Correlation Searches can use them to alert against your internal log events.

Built by Shimon Modi

Latest Version 1.0.7
December 30, 2020
Compatibility
Not Available
Platform Version: 9.4, 9.3, 9.2, 9.1, 9.0, 8.2, 8.1, 8.0, 7.3, 7.2, 7.1
CIM Version: 4.x
Rating

0

(0)

Support
Not Supported
Ingest pre-filtered Internal data, OSINT and Premium Intelligence feeds from your TruSTAR enclaves into Splunk ES Threat-Intel KV stores where Splunk ES Threat-Gen and Correlation Searches can use them to alert against your internal log events.

Enrich and Prioritize your Splunk ES Notable Events based on context from your intelligence sources. TruSTAR's automated or on-demand enrichment adaptive response action allows users to view the pass-through scores from their premium intelligence feeds to help them prioritize their notable events.

Submit events to TruSTAR for IOC extraction/identification and enrichment.

THIS APP SHOULD BE INSTALLED ON SEARCH HEADS THAT ALREADY HAVE THE ENTERPRISE SECURITY APP. THIS APP CANNOT BE INSTALLED ON HEAVY-FORWARDERS.

SplunkCloud users will need to specifically request that SplunkCloud allow modinputs to run on their SplunkCloud ES instances.

If running an Enterprise Security SHC, this app must reside on the cluster captain. Ingestion will not happen on any other node. Any node that has this app will be able to use its adaptive response actions.

Created By

Shimon Modi

Type

app

Downloads

954
