The VMRay Platform’s advanced threat detection and analysis is based on our best-of-breed sandbox technology, which underlies our market-leading Dynamic Analysis. The Platform also features superior static file analysis as well as handy reputation lookup for files and URLs. The Splunk Enterprise Add-on for the VMRay Platform enables you to import valuable file and URL analysis results generated by the VMRay Platform into Splunk, helping you aggregate threat intelligence in a single location. The Add-on enables you to automatically import verdicts, VMRay Threat Identifier (VTI) scores, IOCs, YARA rule matches, file hashes and more. It also allows you to automatically export hashes of malicious files into Threat Intel within Splunk Enterprise Security. Optionally, you can submit files and URLs to the VMRay Platform from within Splunk, using the pre-configured Actions (included as part of the Add-on), which are integrated into Splunk’s Adaptive Response framework. And of course, once generated, these analysis results can be imported into Splunk too, which enables you to further consolidate your threat intelligence within Splunk.