Add intelligence to Splunk Enterprise Security
As an ES administrator, you can use the threat intelligence framework in Splunk Enterprise Security to download and parse other forms of intelligence that you can use to correlate with events or enrich dashboards using search. Adding these generic forms of intelligence enhances your analysts' security monitoring capabilities and adds context to their investigations.
Splunk Enterprise Security includes a few intelligence sources. Splunk Enterprise Security also supports adding other generic intelligence sources.
ES administrators can add generic intelligence to Splunk Enterprise Security by downloading a feed from the Internet.
Example: Add a ransomware threat feed to Splunk Enterprise Security
Download an intelligence feed from the Internet in Splunk Enterprise Security
This documentation applies to the following versions of Splunk® Enterprise Security: 5.0.0, 5.0.1, 5.1.0, 5.1.1, 5.2.0, 5.2.1, 5.2.2, 5.3.0, 5.3.1, 6.0.0, 6.0.1, 6.0.2, 6.1.0, 6.1.1, 6.2.0, 6.3.0 Cloud only, 6.4.0, 6.4.1, 6.5.0 Cloud only, 6.5.1 Cloud only, 6.6.0, 6.6.2