A few weeks ago I showed how to use the Anomali ThreatStream Splunk App to hunt known actors that had been observed trying to access your environment, and in some cases where they were already inside.
For those who are not yet ThreatStream customers, do not fear. Our free ThreatStream Community Splunk App can get you started with Anomali’s powerful Threat Intelligence, allowing you to proactively monitor your network and protect against attacks.
View our Weekly Threat Bulletin reports
You might have seen the weekly Threat Briefings our labs team posts on the blog. ThreatStream customers and non-customers alike use these posts to stay on top of what’s happening in the cyber security world (attackers, malware outbreaks, threats, etc.).
If you’re a Splunk user you can view these Threat Briefings without ever leaving Splunk in the ThreatStream Community App.
Automated Threat Bulletin Matches
Not only can you view the downloaded Threat Bulletins, the ThreatStream Community App will also match your Splunk logs against the Indicators of Compromise (IOCs) linked to each Bulletin. IOCs include IPs, URLs, file hashes (malware), and compromised email addresses, for example. If one of these IOCs matches against your Splunk logs, it can indicate that further investigation is needed.
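To make the matching step concrete, here is an added example (not code from the Anomali app or from Splunk) of the same idea in plain Python: observables of the four types named above are pulled out of each log line and looked up in a per-bulletin IOC table. The IOC table, the bulletin names and the log lines are all constructed placeholders, and the regexes are a simplification of what a production extractor would use.

```python
import re
from collections import Counter
from typing import Dict, Iterable, List

# Constructed IOC table keyed by indicator value, in the shape the bulletins
# describe (IP, URL, file hash, compromised email). Placeholder values only.
IOC_TABLE: Dict[str, Dict[str, str]] = {
    "203.0.113.45": {"type": "ip", "bulletin": "Bulletin-A (placeholder)"},
    "http://bad.example/drop.bin": {"type": "url", "bulletin": "Bulletin-A (placeholder)"},
    "0123456789abcdef0123456789abcdef": {"type": "md5", "bulletin": "Bulletin-B (placeholder)"},
    "payroll@victim.example": {"type": "email", "bulletin": "Bulletin-B (placeholder)"},
}

# Extraction patterns, ordered so URLs are consumed before bare IPs and emails
# (a URL's host would otherwise be re-matched as a second observable).
PATTERNS = {
    "url": re.compile(r"https?://[^\s\"'<>]+"),
    "email": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "ip": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "hash": re.compile(r"\b[0-9a-fA-F]{32}\b|\b[0-9a-fA-F]{40}\b|\b[0-9a-fA-F]{64}\b"),
}


def extract_observables(line: str) -> Dict[str, List[str]]:
    """Return candidate observables found in one log line, grouped by type."""
    found: Dict[str, List[str]] = {}
    remaining = line
    for kind, rx in PATTERNS.items():
        hits = rx.findall(remaining)
        if hits:
            # Hashes and emails compare case-insensitively; normalise to lowercase.
            found[kind] = [h.lower() if kind in ("hash", "email") else h for h in hits]
            # Blank out consumed text so it is not re-matched as another type.
            remaining = rx.sub(" ", remaining)
    return found


def match_log_lines(lines: Iterable[str], ioc_table: Dict[str, Dict[str, str]] = IOC_TABLE) -> List[dict]:
    """Look up every observable from every line in the IOC table; return all hits."""
    hits: List[dict] = []
    for line_no, line in enumerate(lines, start=1):
        for kind, values in extract_observables(line).items():
            for value in values:
                ioc = ioc_table.get(value)
                if ioc is not None:
                    hits.append({
                        "line": line_no,
                        "indicator": value,
                        "type": ioc["type"],
                        "bulletin": ioc["bulletin"],
                        "raw": line.strip(),
                    })
    return hits


def summarise_by_bulletin(hits: List[dict]) -> Dict[str, int]:
    """Count hits per bulletin, the view an analyst triages first."""
    return dict(Counter(h["bulletin"] for h in hits))


# Constructed sample log lines (proxy, mail gateway, EDR); not real traffic.
SAMPLE_LOGS = [
    '2024-05-01T10:00:01Z proxy src=10.0.0.12 dst=203.0.113.45 url="http://bad.example/drop.bin" action=allowed',
    '2024-05-01T10:00:05Z mail from=payroll@victim.example to=finance@corp.example subject="Invoice"',
    '2024-05-01T10:01:10Z edr host=ws-17 file=invoice.exe md5=0123456789ABCDEF0123456789ABCDEF verdict=unknown',
    '2024-05-01T10:02:00Z proxy src=10.0.0.13 dst=198.51.100.7 url="https://ok.example/" action=allowed',
]

if __name__ == "__main__":
    for hit in match_log_lines(SAMPLE_LOGS):
        print(f"line {hit['line']}: {hit['type']} {hit['indicator']} <- {hit['bulletin']}")
    print(summarise_by_bulletin(match_log_lines(SAMPLE_LOGS)))
```

Each hit keeps the raw line and the bulletin it came from, so the analyst lands on the bulletin's context rather than a bare indicator. The first sample line produces two hits (the URL and the destination IP) from the same bulletin; in practice you would de-duplicate per source host and time window before alerting.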
Match Against Millions of IOCs
If you choose, you can also forward your Splunk logs to Anomali Reports to have them analysed against millions more IOCs. If you upgrade to our ThreatStream Commercial Splunk App, you can download these indicators directly into Splunk and use them with other Splunk Apps.
See the App in Action
Free Download on Splunkbase
The Anomali Community App for Splunk combines the quality of Anomali’s threat intelligence with the depth of Splunk’s analytics to help organizations identify and respond to external security threats.
Source: Honeypot Tech