Corvil Add-on for Splunk Enterprise Security

Archived
Corvil Security Analytics enables Security Ops teams to achieve more effective detection, investigation and response for network-based security threats by leveraging Corvil's powerful network traffic analysis, anomaly detection and forensics capabilities.

This Corvil Add-on for Splunk Enterprise Security includes the following features:

1) Automatic CIM mapping for Corvil Security Analytics stream events, so they are searchable and can be correlated based on normalized Splunk CIM tags and fields within Splunk Enterprise Security.
2) Adaptive Response action 'Track as Suspicious Host', which enables a user within Splunk Enterprise Security to initiate and access full packet capture for the host involved in the notable event from which the adaptive response action was invoked.

Important note: The 'Corvil Connector for Splunk' must be installed, configured and operational before using this add-on.