
ThreatBook TI

ThreatBook Cloud API for Splunk integrates ThreatBook threat intelligence with Splunk, enabling security teams to enrich IPs, domains, URLs, and file hashes with real-time threat intelligence. The app provides SPL search commands and automation capabilities to help analysts quickly investigate indicators and enhance security monitoring workflows with ThreatBook intelligence.


Latest Version 1.0.0
April 22, 2026
Compatibility
Splunk Enterprise, Splunk Cloud
Platform Version: 10.3, 10.2, 10.1, 10.0, 9.4, 9.3
Rating: 0 (0)

Support
Not Supported
ThreatBook TI for Splunk provides a seamless integration between Splunk and ThreatBook’s high-fidelity threat intelligence. Key features include:

On-Demand Enrichment: Use SPL commands to instantly enrich logs with reputation data.
Automated Correlation: Schedule periodic scans of raw indexes or CIM-compliant data models to detect malicious activity.
Dual-Region Support: Native support for both China and Global API endpoints to match your business requirements.
Visual Insights: High-performance dashboards for tracking detection trends, geographic distribution, and threat landscapes.
Smart Caching: Local KVStore caching to optimize API performance and reduce operational costs.

Categories

SIEM, Threat Intel

Created By

Hui Wang

Type

app

Downloads

28

Resources
