Splunk® Intelligence Management (Legacy)

User Guide

Update your user settings

Click the user settings icon in the navigation bar to access user-controlled settings or log out of the Splunk Intelligence Management Web App.

By default, your user profile information is displayed when you access the user settings. For example, you can view which roles and permissions your user account has in the Role field. The following table lists the user profile options available for you to configure:

| Setting | Description |
| --- | --- |
| Profile | View your user information and Enclave subscriptions, change your password, set your default enclave and timezone, and work with experimental features, including Dark Mode. For more information, see Editing Your Profile. |
| API | Create or regenerate API credentials for use with partner integrations. |
| Users | View, activate or deactivate users, add users, and export user information. For details, see Managing Users. This setting is only available to Administrative users. |
| Enclave Inbox | Configure the email inboxes for your private enclaves. For details, see Enclave Email Inbox. |
| Notifications | Set up when and how you will be notified when new data is added to your private Enclaves and manage the list of keywords to watch. For details, see Notifications and Alerting. |
| Redaction | Specify terms that will be removed from data imported to and exported from Splunk Intelligence Management enclaves. You can manually redact a single Intel Report or use the Redaction Library to automatically remove terms from reports. For details, see Redacting Data from Reports. |
| Safelist | View and edit the company safelist. For more details, see Managing the Company Allow List. |

Edit your user profile

If the User Profile page is not already open, click on Profile to view your user profile settings. You can change the settings listed in the table:

| Setting | Description |
| --- | --- |
| User Profile | Lists your information, such as your role (administrator or user) and whether or not certain features are enabled (multi-factor authentication and single sign-on). |
| View Enclave Subscriptions | Shows which enclaves you can access in your investigations and what permission levels you hold (view only, read/write, etc.). |
| Change Password | Updates your password. Splunk Intelligence Management recommends changing your password on a regular basis. |
| Select Default Enclave | Selects a default enclave to display in the Dashboard. |
| Select Default Timezone | Controls what timezone is used to display dates and times in the Splunk Intelligence Management Web App. |
| Use Experimental Features | Splunk Intelligence Management may release new Web App features for experimental use, and you can choose whether to use them. For example, Dark Mode is currently available as an experimental feature. |

Note: These features may be incorporated into future releases or removed from the user interface.

Configure the notifications you see

The Splunk Intelligence Management Web App can notify you by email about important events that involve your preferences or activity on the platform. Notifications enable you to:

  • Learn if a new report was submitted to any of your private Enclaves
  • Learn if a new IOC list was submitted to any of your private Enclaves
  • Learn if a "Watched Keyword" you are following has been mentioned in any new Intel Reports submitted to your private Enclaves
  • Go to the Splunk Intelligence Management Web App to see the results of the notifications

Access the notifications screen

  1. Click the user settings icon on the navigation bar, then select Settings from the dropdown menu.
  2. Click Notifications.

Edit the notifications you receive when you are logged in

You can choose these options for being notified of changes to your Enclaves:

  • New Submissions: Check this box to receive email notifications about new submissions in near-real time.
  • Digest Frequency: Check this box to receive a Daily or Weekly digest of notifications.
  • Unsubscribe Me...: Check this box to stop receiving all notifications from Splunk Intelligence Management.

After changing your options, click Update Notification Preferences to save the changes.

Get notified when specific keywords are found in enclaves

You can follow keywords of interest and be notified by email whenever a new Intel Report submitted to a private Enclave or added to a subscription Enclave contains that keyword.

  • You can add a new Watched Keyword through the Search feature:
      • To search for the keyword, select the Watch Keyword option.
  • To stop receiving notifications, click on the keyword you want to remove in the list of Watched Keywords.
Last modified on 21 April, 2022

This documentation applies to the following versions of Splunk® Intelligence Management (Legacy): current
