Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Resources to learn more and get started with automated threat analysis

Apps and add-ons:

• Splunk Attack Analyzer Connector for Splunk SOAR
• Splunk App for Splunk Attack Analyzer
• Splunk Add-On for Splunk Attack Analyzer

Blogs:

• Enhancing SIEM Events with Automated Threat Analysis of URLs
• Splunk SOAR Playboook of the Month: Splunk Attack Analyzer Dynamic Analysis
• Announcing General Availability of Cisco Talos Intelligence in Splunk Attack Analyzer
• Splunk Attack Analyzer Introduces Built-in Translation and Achieves SOC 2 Compliance

Lantern articles:

• Automate threat analysis
• Automating the investigation of emails for malicious content

Here are a few top of mind questions from the live Tech Talk

Q. Do I need to own other Splunk products in order to use Splunk Attack Analyzer?

A. No, Splunk Attack Analyzer can be used on its own; you do not need to own any other Splunk products in order to use it.

Q. How can I get a demo of Splunk Attack Analyzer?

A. You can reach out to your account rep to set up a demo, or if you’re attending .conf25 in September, we’ll also have folks doing product demos in the Pavillion.

Q. Do you have any case studies about how customers use Splunk Attack Analyzer alongside other Splunk products?

A. Yes! One example is a case study featuring Johnson Matthey, which describes their use of Splunk Attack Analyzer alongside Splunk Enterprise Security and Splunk SOAR: https://www.splunk.com/en_us/customers/success-stories/johnson-matthey.html