Introducing Splunk Add-On for Splunk Attack Analyzer & Splunk App for Splunk Attack Analyzer

Security Neal Iyer

Following our announcement of Splunk Attack Analyzer in July 2023, we are excited to announce the launch of:

These offerings help us bolster our unified security operations experience by bringing threat analysis results from Splunk Attack Analyzer into the Splunk platform.

The challenges with hiring top talent to staff a modern Security Operations Center (SOC) are ubiquitous. Every SOC team has to contend with a few top-tier analysts being barraged with escalations from tier 1 analysts tasked with triaging an ever-growing volume of alerts hitting the SOC.

Splunk Attack Analyzer multiplies force of SOC teams

Splunk Attack Analyzer can serve as a force multiplier for SOC teams with its capabilities of:

With Splunk Attack Analyzer, every analyst can triage each alert with a high level of proficiency. Moreover, integrations with Splunk SOAR can help automate a large number of alerts altogether based on verdicts from the analysis of a threat from Splunk Attack Analyzer — thereby eliminating workload from the SOC.

However, the gains with Splunk Attack Analyzer don’t stop at triaging individual alerts. Aggregating data across submissions can help SOC teams gain a broader perspective on how adversaries are targeting the organization past their defenses.

The Splunk Add-on and App for Splunk Attack Analyzer combine to help make it easy to visualize and socialize these insights with leadership and across the larger team.

Splunk Add-on for Splunk Attack Analyzer

The Splunk Add-on for Splunk Attack Analyzer ingests results of submissions made to Splunk Attack Analyzer into the Splunk platform. It makes the data searchable and allows teams to build custom queries, reports and dashboards. It can fetch:

Splunk App for Splunk Attack Analyzer

The Splunk App for Splunk Attack Analyzer takes the data ingested by the Add-on and provides a set of out-of-the-box dashboards that:

Usage Insights Dashboard

This dashboard provides insight into where Attack Analyzer is being leveraged by the SOC team today and how usage varies across the team. It provides the following visualizations:

Credential Phishing and Malware Insights

Phishing Insights: Impersonated Brands

Provides insights on brands being impersonated to target employees in phishing attacks that are getting past current security controls.

Phishing Insights: Phish kits

Malware Insights: Malware Families

How this helps your analysts

Blue teams can leverage the insights from the Splunk App for Splunk Attack Analyzer to better understand tactics being leveraged by adversaries and then implement measures that enhance the security posture of the organization. For example security teams can:

To benefit from these new offerings, existing Splunk Attack Analyzer customers can download and install the app on their Splunk platform instance from Splunkbase using the links below:

Learn more about Splunk Attack Analyzer

Ready to automate threat analysis? We’ve got you covered! Visit the Splunk Attack Analyzer webpage or speak to your account manager to learn more.

Related Articles

Boss of the SOC 2.0 Dataset, Questions and Answers Open-Sourced and Ready for Download
Security
2 Minute Read

Boss of the SOC 2.0 Dataset, Questions and Answers Open-Sourced and Ready for Download

You asked, we delivered – Boss of the SOC 2.0 has been open sourced, including dataset, questions, answers and even a scoring server update!
Splunk Named a Leader in the 2022 IDC MarketScape for SIEM
Security
2 Minute Read

Splunk Named a Leader in the 2022 IDC MarketScape for SIEM

See why Splunk earned a spot in the 'Leaders' category in the 2022 IDC MarketScape for worldwide SIEM software.
Partner Spotlight: Texas Bankers Association Operationalize Data Across Teams and Tools
Security
3 Minute Read

Partner Spotlight: Texas Bankers Association Operationalize Data Across Teams and Tools

TruSTAR, acquired by Splunk, recently spoke with Alvin Mills, TBA’s Vice President of Information Technology and Security to learn why the organization selected TruSTAR as its intelligence management platform for data-centric security automation.