
SOC Prime Attack Detective App for Splunk

SOC Prime Attack Detective App for Splunk connects your on-prem Splunk instance to Attack Detective on the SOC Prime Platform. Attack Detective (https://tdm.socprime.com/attack-detective/) automatically queries security logs in the customer's security platform to identify data sources and then scans them in real time, giving cyber defenders a holistic view of the organization's cybersecurity posture and enabling smart data orchestration and automated threat hunting. Scans use prioritized detection content from Threat Detection Marketplace and correlate results with MITRE ATT&CK®. Explore the outcomes consolidated into the detected ATT&CK techniques along with the impacted assets, services, and accounts. Analyze potential threat actors and adversary tools in use. Instantly visualize a heatmap of triggered ATT&CK tactics and techniques, with the time of access for particular threat actors, to find out whether the activity can be attributed to a relevant attack. Validate the risks by running selected queries in your Splunk instance and mark the outcomes based on the observed behavior to prioritize your detection procedures.

Built by SOC Prime

Latest Version 2.0.1
February 17, 2025
Compatibility
Not Available
Platform Version: 9.4, 9.3, 9.2, 9.1, 9.0
Rating
0 (0)
Support
Developer Supported app
Ranking
#49 in SIEM

Categories

Created By

SOC Prime

Type

app

Downloads

592
