Splunk® Intelligence Management (Legacy)

Observables supported by Splunk Intelligence Management

Splunk Intelligence Management identifies the following observables:

Entity                              Type
REGISTRY KEY                        Observable
IPV6                                Observable
IPV4                                Observable
CIDR BLOCK                          Observable
URL                                 Observable
MD5                                 Observable
SHA1                                Observable
SHA256                              Observable
BITCOIN ADDRESSES                   Observable
SOFTWARE                            Observable
EMAIL ADDRESS                       Observable
PHONE NUMBERS                       Observable
DOMAIN                              Observable
CVE (based on NIST's CVE standard)  Attribute
MALWARE                             Attribute
THREAT ACTOR                        Attribute
MITRE ATT&CK                        Attribute

Phone numbers are not extracted by default. Your account owner must enable phone number extraction on a per-enclave basis.

Last modified on 21 April, 2022
 

This documentation applies to the following versions of Splunk® Intelligence Management (Legacy): current

