Proactively monitor your network against attacks using our FREE Threat Intelligence in Splunk

A few weeks ago I showed how to use the Anomali ThreatStream Splunk App to hunt known actors that had been observed trying to access your environment and, in some cases, were already inside.

For those who are not yet ThreatStream customers, do not fear. Our free ThreatStream Community Splunk App can get you started with Anomali’s powerful Threat Intelligence, allowing you to proactively monitor your network and protect against attacks.

View our Weekly Threat Bulletin reports

You might have seen the weekly Threat Briefings our labs team posts on the blog. Many ThreatStream and non-ThreatStream customers alike use these posts to stay on top of what’s happening in the cyber security world (attackers, malware outbreaks, threats, etc.).

If you’re a Splunk user, you can view these Threat Briefings in the ThreatStream Community App without ever leaving Splunk.

Automated Threat Bulletin Matches

Not only can you view the downloaded Threat Bulletins, the ThreatStream Community App will also match your Splunk logs against the Indicators of Compromise (IOCs) linked to each Bulletin. IOCs include, for example, IPs, URLs, file hashes (malware), and compromised emails. If one of these IOCs matches against your Splunk logs, it can indicate that further investigation is needed.

Match Against Millions of IOCs

If you choose, you can also forward your Splunk logs into Anomali Reports to have them analysed against millions more IOCs. If you choose to upgrade to our ThreatStream Commercial Splunk App, you can download these indicators directly into Splunk and use them with other Splunk Apps.

Free Download on Splunkbase

The Anomali Community App for Splunk combines the quality of Anomali’s threat intelligence with the depth of Splunk’s analytics to help organizations identify and respond to external security threats.

Download the ThreatStream Community Splunk App on Splunkbase here.


Source: Honeypot Tech