OpenCTI is an open-source platform developed by Filigran to help organizations manage their cyber threat intelligence and observables. It enables cybersecurity teams to efficiently organize, store, and operationalize threat information across technical, operational, and strategic levels.
OpenCTI for Splunk Enterprise enables Splunk users to interconnect Splunk with OpenCTI and to leverage threat information to improve detection capabilities and response to security incidents.
This application is a major evolution of the previous OpenCTI Add-On and differs from it in three ways:
- The ability to import multiple object types, not just indicators
- An architecture designed for clustered Splunk deployments and Splunk Cloud: the modular input writes OpenCTI data into a Splunk index, and scheduled saved searches read from that index to populate KV Store lookups
- A migration to the UCC (Universal Configuration Console) framework, which implements Splunk's development best practices for add-ons
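The index-plus-saved-search pattern described above, written out as an added configuration example (this is not the app's own configuration, and the index, sourcetype, field, collection and search names are assumptions, not the app's actual schema). The first saved search reads the latest state of each indicator from the index and upserts it into a KV Store collection; the second matches that collection against proxy logs on a short schedule:

```ini
# Added example, not the app's own config. Assumed names:
#   index=opencti, sourcetype=opencti:indicator, events carrying
#   id, value, confidence and revoked fields; KV Store collection
#   opencti_indicators; a proxy index with src and dest fields.

# --- collections.conf (defines the KV Store collection) ---
[opencti_indicators]
field.id = string
field.value = string
field.confidence = number
field.updated = time

# --- transforms.conf (exposes the collection as a lookup) ---
[opencti_indicators]
external_type = kvstore
collection = opencti_indicators
fields_list = _key, id, value, confidence, updated

# --- savedsearches.conf ---
# Rebuild the lookup from the index every 15 minutes. Setting _key to the
# indicator id makes outputlookup an upsert, so repeated runs update rows
# instead of duplicating them; revoked indicators are dropped.
[OpenCTI - Refresh indicator KV Store]
enableSched = 1
cron_schedule = */15 * * * *
dispatch.earliest_time = -24h
dispatch.latest_time = now
search = index=opencti sourcetype="opencti:indicator" \
  | stats latest(value) AS value latest(confidence) AS confidence \
          latest(revoked) AS revoked latest(_time) AS updated BY id \
  | where revoked!="true" \
  | eval _key=id \
  | table _key id value confidence updated \
  | outputlookup opencti_indicators

# Match proxy destinations against the lookup every 5 minutes and keep
# only hits above a confidence threshold.
[OpenCTI - Indicator match in proxy logs]
enableSched = 1
cron_schedule = */5 * * * *
dispatch.earliest_time = -5m
dispatch.latest_time = now
search = index=proxy \
  | lookup opencti_indicators value AS dest OUTPUT id AS indicator_id, confidence \
  | where isnotnull(indicator_id) AND confidence>=50 \
  | stats count min(_time) AS first_seen BY src dest indicator_id confidence
```

The split between an index and a lookup is what makes this work on Splunk Cloud and search head clusters: the modular input runs on the ingestion tier, while KV Store collections live on the search heads, so a scheduled search is the piece that carries the data across. The 24-hour lookback on the refresh search is an assumed value; it should cover at least the longest interval between two successful runs of the input, or indicators that were not re-emitted in that window will age out of the lookup.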
Key features:
- Modular inputs for ingesting OpenCTI data via the OpenCTI Stream API
- Ability to trigger OpenCTI actions in response to Alerts and to investigate them directly in OpenCTI
- Support for multiple object types (Indicators, Observables, Relationships, Sightings)
About Filigran
Filigran (www.filigran.io) provides open-source cybersecurity solutions covering threat intelligence management, breach and attack simulation, and cyber risk management.
Created By
Filigran, an official Splunk Partner