ThreatConnect
Author: e | 2025-04-24
The ThreatConnect integration with ZeroFOX allows ThreatConnect customers to import threat intelligence domain feeds from ZeroFOX into ThreatConnect. This integration is available for download on the ThreatConnect Marketplace.
Getting Started With the ThreatConnect
Splunk
Splunk Inc. (NASDAQ: SPLK) provides the leading software platform for real-time Operational Intelligence. Splunk® software and cloud services enable organizations to search, monitor, analyze and visualize machine-generated big data coming from websites, applications, servers, networks, sensors and mobile devices. More than 8,400 enterprises, government agencies, universities and service providers in more than 100 countries use Splunk software to deepen business and customer understanding, mitigate cybersecurity risk, prevent fraud, improve service performance and reduce cost. Splunk products include Splunk® Enterprise, Splunk Cloud™, Hunk®, Splunk MINT Express™ and premium Splunk Apps.

How Splunk Enterprise Integrates With ThreatConnect's Threat Intelligence Platform
SIEM and Analytics

ThreatConnect provides the ability to aggregate threat intelligence from multiple sources (i.e., open source, commercial, communities, and internally created), analyze and track identified adversary infrastructure and capabilities, and put that refined knowledge to work in Splunk, identifying threats targeting organizations.

The ThreatConnect App for Splunk provides Splunk users the ability to leverage customizable threat intelligence integrated into Splunk from their ThreatConnect accounts and trigger Playbooks directly from the Splunk interface. The App takes users' aggregated logs from Splunk and combines them with their threat intelligence in ThreatConnect. ThreatConnect provides context with indicators and enables their teams to easily spot abnormal trends and patterns to be able to act on them efficiently. Users can tie their data to Playbooks, ThreatConnect’s orchestration capability, to automate nearly any cybersecurity task and respond to threats faster directly from Splunk -- as well as send to other systems like Carbon Black, ServiceNow, Palo Alto, or Tenable.

How Splunk and ThreatConnect Work Together
Using Splunk for threat intelligence management, you can:
- Automate the detection of Advanced Threats in your environment: Use ThreatConnect Query Language (TQL) to tailor the data you import into Splunk. Then, you can operationalize multi-source threat intelligence.
- Reduce False Positives to save time: Use timely, tailored, and accurate threat intelligence enriched and refined from several sources, such as our Collective Analytics Layer (CAL), to reduce false positives. Use intel from ThreatConnect communities against network data and logs in Splunk Enterprise.
- Prioritize events and respond to threats as they happen: Be proactive about threats and sort each by rating and confidence scores, relationship to known threats, past incidents, adversary groups, and tags. Get an overview of all ThreatConnect matches by intelligence source and data model search from your dashboard.

How ThreatConnect Enhances Splunk
There are many reasons to incorporate Splunk into your threat intelligence feeds. Some of the ways ThreatConnect enhances Splunk include:
- Gives you the ability to apply tailored, relevant threat intelligence to your existing infrastructure
- Allows you to centralize threat intelligence
- Helps you develop process consistency
- Allows you to scale your operations
- Provides context to threat intelligence so your security team can detect abnormal patterns and trends and take immediate action.
- Allows you to easily mark false positives
- Provides the option to enrich and take action on your intel automatically
- Enables you to orchestrate security actions across your enterprise with Playbooks
- Delivers alerts to block cyber threats and respond to incidents
- Helps you correlate strategic and tactical threat intelligence with actionable machine-readable

tcex - ThreatConnect Exchange App Framework. The ThreatConnect TcEx App Framework provides functionality for writing ThreatConnect Exchange Apps.

Ensure a shared understanding of the cybersecurity risk landscape. Organizations should examine their current security measures, consider the quantifiable impact of potential security investments, and align their cybersecurity strategy with broader business objectives.

Check out ThreatConnect Buyer’s Guide for Cyber Risk Quantification Solutions to explore the different types of CRQ solutions. From semi-quantitative measurements to AI-powered solutions, CRQ techniques continue to evolve. Discover how these approaches streamline risk assessment processes and drive effective risk mitigation strategies.

Explore ThreatConnect Risk Quantifier – designed to operationalize cyber risk quantification effortlessly. ThreatConnect RQ addresses common cyber risk management challenges and paves the way for superior decision-making and strategic planning. You can take the interactive tour here or reach out to our experts for a demo!

About the Author
Anjali Chauhan, Content Marketing Manager at ThreatConnect, has 4 years of experience in Marketing, Content Creation, and Digital Marketing. Her passion lies in creating meaningful and impactful content. Some of Anjali's favorite hobbies include listening to music from the 80s and 90s, dancing, and spending time with her younger sister.
2025-04-22
2025-04-17
To an Indicator that exists in one of your ThreatConnect owners. If no such node is on the graph, pivot in ThreatConnect to add one.
- Click View Table in the Threat Graph header to open the Graph Objects drawer.
- Select objects in the table on the Graph Objects drawer using the following methods:
  - Select individual objects: Select the checkbox to the left of an object’s value in the Type column to select the object.
  - Select multiple objects at once: Select the checkbox to the left of the Type column header to select all objects on the current table page.
  Hint: Selections on one page persist when you navigate to another page, allowing you to select items across multiple pages.
- Click Selection Actions at the top left of the Graph Objects drawer and select Run Playbook….
- On the Select Playbook window (Figure 1), select a Playbook by clicking in the Description column for its entry, and then click Run Playbook to run the Playbook. If you select Indicators of multiple types on the Graph Objects drawer, the Select Playbook window will show all active Playbooks containing a UserAction Trigger configured for all selected Indicator types. For example, if you select a Host Indicator and an Address Indicator in the Graph Objects drawer, the Select Playbook window will show all active Playbooks containing a UserAction Trigger configured for both Indicator types; it will not show Playbooks containing a UserAction Trigger configured for only one of the Indicator types.

Note: If you select an Indicator that does not exist in ThreatConnect in the table on the Graph Objects drawer, the Select Playbook window will show no Playbooks. However, you can run Playbooks for these Indicators by first importing them into ThreatConnect with Threat Graph’s import feature.

Note: When you select one or more objects in the table on the Graph Objects drawer, the Selected button at the top left of the table will show the current number of selected objects. To view only the objects currently selected in the table, click Selected.

Options Menu
Follow these steps to use an Indicator’s ⋯ menu in the Graph Objects drawer to run a UserAction Trigger–based Playbook for the Indicator in Threat Graph:
1. Open Threat Graph.
2. Ensure there is at least one node on the graph that corresponds to an Indicator that exists in one of your ThreatConnect owners. If no such node is on the graph, pivot in ThreatConnect to add one.
3. Click View Table in the Threat Graph header to open
2025-04-15