Splunk application for ActiveTrust Cloud

Hello,

 

I have just published a Splunk application for ActiveTrust Cloud.

This application allows you to:
- get ActiveTrust Cloud logs into Splunk using the REST API introduced with ATC 2.0
- filter them efficiently with full drill-down support based on time, threat property, threat class, source IP, domain name, query type and much more
- get context from Infoblox Dossier threat intelligence.

Mandatory: requires ActiveTrust Cloud.
Optional: requires Dossier for threat intelligence.

 

https://splunkbase.splunk.com/app/3850/

Some screenshots:


Any feedback welcome.

Regards,

Nicolas
