📣 New Feature Alert: Generate Threat Profile Recommendations directly from Splunk Events! 📣
With our latest release, you can now seamlessly map threat associations from IOC matches in Splunk directly into your Google Threat Intelligence (GTI) Threat Profiles!
What’s New?
By leveraging the Google Threat Intelligence for Splunk app, your administrators can automatically synchronize observed threats—straight from your Splunk Adversary Intelligence dashboard into your chosen GTI Threat Profile.
Key Highlights:
-
🎯 Accurate & Noise-Free: The integration only sends automatically correlated data. Manual SPL query investigations are excluded to ensure your Threat Profile remains highly relevant and actionable.
-
🛡️ Comprehensive Coverage: Automatically sync specific threat association types including Threat Actors, Malware Families, Software Toolkits, and Campaigns.
-
🏷️ Clear Visualization & Filtering: Synchronized collections automatically populate in Google TI with "Observed" and "Splunk" tags. You can easily filter your landscape by selecting "Observed" under the Recommendation Source to see exactly what has hit your infrastructure.
Ready to get started?
Ensure your Splunk environment is equipped with the GTI for Splunk app (available on Splunkbase), toggle the synchronization on in your Threat Profile settings, and let the automated mapping do the rest!
🔗 Read the full setup guide here: Generating Threat Profile Recommendations from Splunk Events
