For additional information, view the solution brief: https://wow.intsights.com/rs/071-ZWD-900/images/IntSights%20%2B%20Splunk%20Solution%20Brief.pdf
- Added support for ETP Suite Alerts
- Added support for ETP Suite Vulnerabilities and CVEs correlation
- Added macro to disable outgoing tags and comments for correlated IOCs.
- Filters were added to the Correlation Overview and Correlation Details dashboards
- The Correlation Details dashboard shows many more details, and enables simple viewing of IOCs in the ETP Suite IOCs page
- Enhanced custom alert options
- Support for Splunk v8.1.x
- Bug fixes
Correlation Details: clicking on one of the indicators sets the default time range based on the query.
Bug fix for connecting the app via proxy.
Improved dashboard panel loading time by caching values from the last successful run.
Improved correlation searches to handle larger data sets.
IOCs are retired from the Master lookup and the matched lookup based on the IOC retirement policy.
This version is the primary IntSights application for Splunk; other applications will no longer be developed and will be deprecated over time.