IntSights App for Splunk

The IntSights Splunk App is an integration between Rapid7 Threat Command (Threat Command) and the following Splunk products:

  • Splunk standalone environment
  • Splunk Cloud
  • Splunk Distributed Deployment
  • Splunk Enterprise Security (ES)

The integration enables Splunk users to import IOCs, alerts, and vulnerabilities (CVEs) from Threat Command and correlate them in the Splunk environment. Imported values are updated automatically in Splunk, providing a single-pane-of-glass view.

This section describes how to install, configure, and use the IntSights Splunk App.

This section assumes familiarity with both the Splunk Enterprise Security platform and the IntSights ETP Suite.