Security operations teams rely on Splunk Enterprise and Enterprise Security to detect complex threats with actionable intelligence and advanced streaming analytics at scale. Pairing Recorded Future's intelligence from open, dark web, and technical sources with Splunk's analytics reduces security risk by placing this threat data directly in your Splunk environment, so analysts see the data relevant to them without switching between tools. This lets analysts identify and triage alerts faster, proactively block threats, and identify risks to the business, improving analyst efficiency.
Enrichments: Enrich IOCs (IPs, domains, hashes, and vulnerabilities) in the Recorded Future for Splunk app. Look up and see rich context around IOCs of interest.
Correlations: Compare customer log data to Recorded Future's threat lists for IPs, domains, hashes, and URLs to surface threats in a sea of raw data. Create correlation dashboards that show the number of risky indicators, along with the associated risk metrics and last-seen timestamps.
Targeted correlation dashboards: Give end users a more tailored experience when using Recorded Future for Splunk compared to using the default risk lists.
Recorded Future Alert Triage: Bring specific Recorded Future alerts configured in the platform into the Splunk alerting dashboard for easy triage and remediation.
localop in index search for sigma setup page. distsearch.conf stanza.

HTTPS-proxy settings issue occurring for users of Splunk 8. Splunk 8 uses a version of urllib3 that does not support HTTPS proxies and will use HTTP regardless of configuration. Please upgrade to Splunk 9 to get full HTTPS proxy support.
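The proxy note above describes a silent downgrade: an https:// proxy URL is accepted but the proxy is contacted over plain HTTP, so the app's traffic to the intelligence API is exposed to anything between Splunk and the proxy. The following check is an added example, not part of the Recorded Future for Splunk app; it assumes (beyond what the page states) that urllib3 1.26.0 is the first release with HTTPS proxy support, and it can be pointed at the urllib3 bundled with a Splunk installation's Python to confirm which scheme the proxy connection will really use.

```python
"""Report whether a configured HTTPS proxy will actually be honoured by urllib3.

Added example, not part of the Recorded Future for Splunk app. Assumption: urllib3
releases before 1.26.0 ignore the https:// scheme of a proxy URL and talk to the
proxy over plain HTTP; 1.26.0 added HTTPS proxy support. Run it with the Python
that Splunk ships (e.g. $SPLUNK_HOME/bin/splunk cmd python3) to test the bundled urllib3.
"""
from typing import Optional, Tuple
from urllib.parse import urlparse

# Assumption: first urllib3 release that supports contacting a proxy over HTTPS.
HTTPS_PROXY_MIN_VERSION = (1, 26, 0)


def parse_version(version: str) -> Tuple[int, int, int]:
    """Turn '1.25.11' or '1.26.0rc1' into a comparable (major, minor, patch) tuple.

    Non-numeric suffixes on a component are dropped; missing components become 0.
    """
    parts = []
    for piece in version.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    while len(parts) < 3:
        parts.append(0)
    return (parts[0], parts[1], parts[2])


def effective_proxy_scheme(proxy_url: str, urllib3_version: str) -> str:
    """Return the scheme the proxy connection will really use.

    An https:// proxy URL is downgraded to http when the urllib3 build predates
    HTTPS proxy support; any other scheme is returned unchanged.
    """
    scheme = urlparse(proxy_url).scheme.lower()
    if scheme == "https" and parse_version(urllib3_version) < HTTPS_PROXY_MIN_VERSION:
        return "http"
    return scheme


def proxy_downgrade_warning(proxy_url: str, urllib3_version: str) -> Optional[str]:
    """Warning text when the configured proxy will be reached in plaintext, else None."""
    configured = urlparse(proxy_url).scheme.lower()
    effective = effective_proxy_scheme(proxy_url, urllib3_version)
    if configured == "https" and effective == "http":
        return (
            f"urllib3 {urllib3_version} does not support HTTPS proxies: {proxy_url} "
            "will be contacted over plain HTTP. Upgrade Splunk (and its bundled "
            "urllib3) or keep the Splunk-to-proxy path inside a trusted network."
        )
    return None


def installed_urllib3_version() -> Optional[str]:
    """Version of the urllib3 importable by this interpreter, or None if absent."""
    try:
        import urllib3
    except ImportError:
        return None
    return urllib3.__version__


if __name__ == "__main__":
    # Constructed proxy URL for demonstration; not taken from any app configuration.
    proxy = "https://proxy.example.internal:3128"
    for ver in ("1.25.11", "1.26.0", "2.2.1"):
        print(ver, "->", effective_proxy_scheme(proxy, ver),
              "|", proxy_downgrade_warning(proxy, ver) or "ok")
    installed = installed_urllib3_version()
    if installed:
        print("installed urllib3", installed, "->",
              proxy_downgrade_warning(proxy, installed) or "ok")
```

Running this under the Splunk-bundled interpreter rather than the system Python matters, because the app's modular inputs execute with Splunk's own urllib3, not whatever is installed on the host.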
Fixed edge-case on migration from 1.1, where a setup without any use cases loaded caused the migration to fail.
This patch release fixes an issue affecting systems with many (25+) risk lists and/or alert profiles.