Detection Integrations with REST API v1.3
Integrating a detection tool with Splunk Intelligence Management can support the exchange of data between the two platforms, providing enriched data that the detection tool can use in real-time analysis of security threats. See Configuration requirements to learn about the configuration details required for all integrations.
Recommended Functionality
Include the following REST API v1.3 commands in your integration:
- Search for Indicators
- Enrich Observables in a Report using Get Indicator Summaries or Get Indicator Metadata. You can also filter observables using these commands.
- Add Indicators to Company Safelist
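One way a detection tool could wire the recommended enrich-and-filter step (fetch indicator summaries for an alert's observables, drop values on the Company Safelist, flag the alert). This is an added example, not code from the page or from Splunk; the endpoint path, the Bearer auth header, the summary fields `value`/`score`/`source`, the alert shape and the sample safelist are all assumptions.

```python
# Added example (not Splunk's code). Endpoint path, auth header, summary fields
# and alert shape are ASSUMED placeholders; take the real ones from the REST API
# v1.3 reference for your deployment.
import json
import urllib.request

SUMMARIES_PATH = "/api/1.3/indicators/summaries"   # assumed endpoint path
COMPANY_SAFELIST = {"10.0.0.1", "corp.example.com"}  # constructed sample safelist


def fetch_summaries(base_url, token, values):
    """POST a batch of observable values; return the summaries as a list of dicts."""
    req = urllib.request.Request(
        base_url.rstrip("/") + SUMMARIES_PATH,
        data=json.dumps(sorted(values)).encode(),
        headers={"Authorization": f"Bearer {token}",  # assumed auth scheme
                 "Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def extract_observables(alert):
    """Collect the observable values an alert carries (constructed alert shape)."""
    keys = ("src_ip", "dest_ip", "domain", "hash")
    return {alert[k] for k in keys if alert.get(k)}


def enrich_alert(alert, summaries, safelist=COMPANY_SAFELIST):
    """Attach intel matches to an alert, ignoring safelisted observables.

    Matches are sorted by descending score; the alert is flagged when any
    non-safelisted observable has a summary score of 2 or more (assumed scale).
    """
    by_value = {s["value"]: s for s in summaries}
    matches = []
    for value in extract_observables(alert) - set(safelist):
        summary = by_value.get(value)
        if summary is None:
            continue  # no intel for this observable
        matches.append({"value": value,
                        "score": summary.get("score", 0),
                        "source": summary.get("source")})
    matches.sort(key=lambda m: m["score"], reverse=True)
    flagged = any(m["score"] >= 2 for m in matches)
    return {**alert, "intel_matches": matches, "intel_flagged": flagged}
```

In a live integration, `fetch_summaries` is called once per batch of alerts with the deduplicated union of their observables, and `enrich_alert` is applied per alert against the returned list.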
Optional Functionality
You can use these commands to send data to Splunk Intelligence Management and share reports within Splunk Intelligence Management:
- Submit observables to Splunk Intelligence Management
- Submit a report
- Copy a report to another enclave. As part of sharing a report, you can choose to redact terms in the report using the Company Safelist stored in Splunk Intelligence Management.
- Move a report to another enclave. As part of sharing a report, you can choose to redact terms in the report using the Company Safelist stored in Splunk Intelligence Management.
You can include this command to extract data from phishing emails:
You must have the Phishing Triage feature activated in Splunk Intelligence Management to use this command.
This documentation applies to the following versions of Splunk® Intelligence Management (Legacy): current