Splunk® Enterprise Security

Administer Splunk Enterprise Security

Acrobat logo Download manual as PDF

Acrobat logo Download topic as PDF

Add intelligence to Splunk Enterprise Security

As an ES administrator, you can use the threat intelligence framework in Splunk Enterprise Security to download and parse other forms of intelligence that you can use to correlate with events or enrich dashboards using search. Adding these generic forms of intelligence enhances your analysts' security monitoring capabilities and adds context to their investigations.

Splunk Enterprise Security includes a few intelligence sources. Splunk Enterprise Security also supports adding other generic intelligence sources.

ES administrators can add generic intelligence to Splunk Enterprise Security by downloading a feed from the Internet.

  1. Configure the intelligence sources included with Splunk Enterprise Security.
  2. Download an intelligence feed from the Internet.
  3. Verify that you have added intelligence successfully in Splunk Enterprise Security.
  4. Use generic intelligence in search with inputintelligence.
Last modified on 25 January, 2018
PREVIOUS
Change existing intelligence in Splunk Enterprise Security
  NEXT
Download an intelligence feed from the Internet in Splunk Enterprise Security

This documentation applies to the following versions of Splunk® Enterprise Security: 5.0.0, 5.0.1, 5.1.0, 5.1.1, 5.2.0, 5.2.1, 5.2.2, 5.3.0, 5.3.1, 6.0.0, 6.0.1, 6.0.2, 6.1.0, 6.1.1, 6.2.0, 6.3.0 Cloud only, 6.4.0


Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters