Splunk and Cisco Umbrella Investigate
Enrich security events in Splunk with the Investigate API
See what connections you’ve been missing during investigations
The Splunk Add-on for Investigate automatically enriches security events inside Splunk with threat intelligence about the domains, IPs, and file hashes used in attacks. Now, security analysts have more context and can make faster, more informed decisions when responding to critical incidents and researching potential threats.
Most complete view of attacks
Automatically enrich security events with Investigate’s intelligence about the relationships between domains, IPs, and file hashes.
Uncover missing connections
Expose valuable connections within an attacker’s infrastructure with Investigate’s intel — including co-occurrences, related domains, geolocation, categorization, and reputation scores.
Speed up investigations
With Investigate’s rich context populated in Splunk, security teams can leverage a single platform to make faster, more informed decisions during investigations — versus correlating data from multiple sources.
Webinar: Automation can improve SOC operations, but how?
Watch this webinar with Henry Canivel, Security Operations Engineer at Splunk & Investigate Product Manager, Jeremy Linden as they outline the steps you can take to:
- Gain internet-wide visibility into your network & predict attacks
- Amplify your existing security investments with Investigate
- Provide better enforcement for malicious destinations via API-based integrations with Splunk and Cisco products
