Enrich security events in Splunk with the Investigate API
The Splunk Add-on for Investigate automatically enriches security events inside Splunk with threat intelligence about the domains, IPs, and file hashes used in attacks. Now, security analysts have more context and can make faster, more informed decisions when responding to critical incidents and researching potential threats.
Automatically enrich security events with Investigate’s intelligence about the relationships between domains, IPs, and file hashes.
Expose valuable connections within an attacker’s infrastructure with Investigate’s intel — including co-occurrences, related domains, geolocation, categorization, and reputation scores.
With Investigate’s rich context populated in Splunk, security teams can use a single platform to make faster, more informed decisions during investigations, rather than correlating data from multiple sources.
Watch this webinar with Henry Canivel, Security Operations Engineer at Splunk, and Jeremy Linden, Investigate Product Manager, as they outline the steps you can take to: