Overview of workflow applications in Splunk Intelligence Management
Use the workflow applications in Splunk Intelligence Management for Splunk Enterprise and Splunk Enterprise Security for the following detection use cases:
- Detect: Automate the matching of highly scored indicators into your detection tool to optimize detection workflows for better accuracy. You can also customize data ingest preferences to reduce the false positive rate.
- Investigate: Display Splunk Intelligence Management's enrichment data in your existing workflows and applications for more context into indicators and events.
- Triage: Automatically prioritize events based on normalized scores from your internal and external data sources. Connect those indicators and events with detection, incident response, and orchestration tools to trigger further actions.
This documentation applies to the following versions of Splunk® Intelligence Management (Legacy): current