What does the integration with Attack IQ do?


We are planning on integrating with Attack IQ. Does anybody have any information about it?

We were told the following:

-- The high-level purpose of the SIEM integration: Enables AIQ to assess Splunk's ability to detect events triggered by the AIQ scenarios and identify events that were undetected. The integration will provide additional insight into our Splunk visibility and detection based on known AIQ scenarios, which can be useful to tweak/tune alerting and possibly identify/troubleshoot problems with Splunk ingesting logs and events.

It seems the integration itself is implemented via the REST API, right?

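The reconciliation the description above talks about (match each scenario run against what the SIEM actually alerted on, then list what went undetected) can be illustrated independently of either product. The following is an added example, not code from AttackIQ, Splunk, or the original post; the record shapes, field names and sample data are constructed, and the 15-minute window is an assumed tuning knob. It also separates "late" alerts from outright misses, since a late alert usually points at ingestion or search-scheduling lag rather than a missing detection rule.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class ScenarioRun:
    """One scenario execution (constructed record, not the real AIQ schema)."""
    scenario_id: str
    name: str
    host: str
    technique: str      # ATT&CK technique id the scenario emulates (assumed field)
    started: datetime


@dataclass(frozen=True)
class SiemAlert:
    """One SIEM alert / notable event (constructed record, not the real Splunk schema)."""
    rule: str
    host: str
    technique: str      # technique annotation on the correlation search (assumed field)
    fired: datetime


def reconcile(runs, alerts, window=timedelta(minutes=15)):
    """Map each scenario run to 'detected', 'late' or 'missed'.

    detected: an alert for the same host and technique fired within `window`
    late:     such an alert exists but only fired after the window (suggests
              ingestion or scheduling lag rather than a missing detection)
    missed:   no alert for that host/technique after the run at all
    """
    result = {}
    for run in runs:
        candidates = [a for a in alerts
                      if a.host == run.host and a.technique == run.technique
                      and a.fired >= run.started]
        in_window = [a.rule for a in candidates if a.fired - run.started <= window]
        if in_window:
            result[run.scenario_id] = ("detected", in_window)
        elif candidates:
            result[run.scenario_id] = ("late", [a.rule for a in candidates])
        else:
            result[run.scenario_id] = ("missed", [])
    return result


def coverage_ratio(results):
    """Fraction of scenario runs detected inside the window."""
    if not results:
        return 0.0
    hits = sum(1 for status, _ in results.values() if status == "detected")
    return round(hits / len(results), 2)


def undetected(results):
    """Scenario ids that need rule tuning (missed) or ingestion checks (late)."""
    return sorted(sid for sid, (status, _) in results.items() if status != "detected")


# Constructed sample data: three scenario runs and three alerts.
T = datetime(2024, 1, 15, 10, 0)
SAMPLE_RUNS = [
    ScenarioRun("S-001", "Credential dumping", "ws01", "T1003", T),
    ScenarioRun("S-002", "Scheduled task persistence", "ws01", "T1053", T + timedelta(minutes=5)),
    ScenarioRun("S-003", "PowerShell download cradle", "srv02", "T1059", T + timedelta(minutes=10)),
]
SAMPLE_ALERTS = [
    SiemAlert("ES - LSASS Memory Access", "ws01", "T1003", T + timedelta(minutes=3)),   # in window
    SiemAlert("ES - Schtasks Created", "ws09", "T1053", T + timedelta(minutes=6)),      # wrong host
    SiemAlert("ES - Suspicious PowerShell", "srv02", "T1059", T + timedelta(minutes=40)),  # 30 min late
]

if __name__ == "__main__":
    res = reconcile(SAMPLE_RUNS, SAMPLE_ALERTS)
    for sid, (status, rules) in res.items():
        print(f"{sid}: {status} {rules}")
    print("coverage:", coverage_ratio(res))
    print("needs attention:", undetected(res))
```

Whatever the real integration pulls from Splunk, the useful output is the same three buckets: detected runs confirm a rule works, missed runs are candidates for new or tuned correlation searches, and late runs are where to look for forwarder or indexing delays before touching any rule.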