IntSights Application for Splunk
Splunk AppInspect Passed
Admins: Please read about Splunk Enterprise 8.0 and the Python 2.7 end-of-life changes and impact on apps and upgradeshere.
Overview
Details
IntSights simplifies threat intelligence with the most comprehensive, flexible, and contextualized solution on the market. Our platform’s cutting-edge capabilities and unrivaled collection of sources enables security teams to gain maximum value from their threat intelligence programs.
The IntSights App arms Splunk users with curated external threat intelligence as they detect, prioritize, and respond to security incidents with ease and confidence. Leveraging bi-directional data enrichment, SOC analysts perform real-time deep threat correlation and analysis—all from within familiar tools and workflows.
Moreover, the app boasts a built-in Splunk Adaptive Response framework support, delivering automated actions in response to IntSights proprietary threat and alerting data—all to reduce SOC investigation times and enable a rapid, decisive response.
Key Features
Bi-directional integration with IntSights TIP
Automatic threat intelligence data export including IOCs from multiple sources (open source, commercial and from IntSights internal sources)
Automatic alerting on indicators that are active in the environment
Dashboards detailing event data associated with the IOCs found on your environment
Real-Time indicator investigation with IntSights Investigation API - directly from within the Splunk app
Seamless integration with IntSights iInvestigation module for advanced investigation
The IntSights App arms Splunk users with curated external threat intelligence as they detect, prioritize, and respond to security incidents with ease and confidence. Leveraging bi-directional data enrichment, SOC analysts perform real-time deep threat correlation and analysis—all from within familiar tools and workflows.
Moreover, the app boasts a built-in Splunk Adaptive Response framework support, delivering automated actions in response to IntSights proprietary threat and alerting data—all to reduce SOC investigation times and enable a rapid, decisive response.
Key Features
Bi-directional integration with IntSights TIP
Automatic threat intelligence data export including IOCs from multiple sources (open source, commercial and from IntSights internal sources)
Automatic alerting on indicators that are active in the environment
Dashboards detailing event data associated with the IOCs found on your environment
Real-Time indicator investigation with IntSights Investigation API - directly from within the Splunk app
Seamless integration with IntSights iInvestigation module for advanced investigation
For additional information on how to setup your application, please contact sales@intsights.com
For any support issue, please contact support@intsights.com
For additional information, view the solution brief: https://wow.intsights.com/rs/071-ZWD-900/images/IntSights%20%2B%20Splunk%20Solution%20Brief.pdf
Release Notes
Version 1.0.0
Sept. 27, 2020
This version is the primary IntSights application for Splunk, other applications will no longer be developed and will be deprecated over time.