Splunk® Intelligence Management (Legacy)

User Guide

Access different features of Splunk Intelligence Management

Use the navigation bar to select the feature you want to work on in Splunk Intelligence Management.

| Icon | Feature area | Description |
| --- | --- | --- |
| The reports icon | Reports | Intelligence reports consist of structured and unstructured data stored in a specific enclave. Indicators in the report are extracted and enriched with information from internal and external intelligence sources. Reports that are in the selected enclave of the Filter and Refine panel are displayed by default. |
| The indicators icon | Indicators | Indicators provide context to help you identify harmful activity on a network, such as a security breach or other suspicious incident. Internal information, such as cases, reports, or emails, can contain data about an event on a network or device. These events contain observables such as URLs, hashes, or email addresses. When you send an event to Splunk Intelligence Management, the intelligence pipeline extracts, normalizes, and enriches the observables with the intelligence sources to which you have access, thus transforming them into indicators. |
| The Phishing Triage icon | Phishing Triage | Panel to view and manage phishing emails. |
| The intel workflow icon | Intelligence Workflow | Panel to work with intelligence workflows. |
| The marketplace icon | Marketplace | Sophisticated threat intelligence operations require integrating data from multiple sources of intelligence. The Splunk Intelligence Management marketplace provides easy access to a variety of external intelligence sources from Splunk Intelligence Management partners and other cyber-intelligence sources. To access the marketplace, click the Marketplace icon on the navigation bar. Clicking the Marketplace icon displays a list to the right of the navigation bar of choices available in the marketplace. Click on an item in that list to see the icons for the available intelligence sources. You must be a company administrator to subscribe or unsubscribe to an intelligence source. Many of the intelligence sources in the Splunk Intelligence Management marketplace are available immediately upon subscription, but certain paid and proprietary intelligence sources are only available after validation of API keys and credentials. Click this icon to view links to external intelligence sources and to applications that support a full integration with Splunk Intelligence Management. |
| The community icon | Community | Click this icon to access the community Slack channel. |
| The support icon | Support | Topics ranging from FAQs to how to integrate with third-party sources and software. |
| The user settings icon | User Settings | Managing users, API access, redaction, and other advanced features in Splunk Intelligence Management. |
Last modified on 06 October, 2022
 

This documentation applies to the following versions of Splunk® Intelligence Management (Legacy): current

