
By Maltego Technologies

Splunk Enterprise Integration for Maltego 

Splunk is a software platform used for monitoring, searching, analyzing, and visualizing machine-generated log data in real time. It provides insights into technology infrastructure, security systems, and various business applications that help drive operational performance and business results.

The Splunk Enterprise integration for Maltego combines the structured data of the Splunk Common Information Model (CIM) with the investigative capabilities of link analysis. SOC teams, cyber security analysts, and threat analysts alike can easily query the following CIM data models:

  • Authentication 
  • Endpoint 
  • Malware 
  • Network Resolution 
  • Network Sessions 
  • Network Traffic 
  • Vulnerabilities 

Investigators can also perform raw searches, using Splunk’s Search Processing Language to get other events that may not yet be part of the data models. 
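To make the cross-referencing described above concrete, here is an added example (not Maltego's or Splunk's code) that classifies an IoC as an IP, domain, hash or URL and builds one accelerated `tstats` search per CIM dataset that can contain it. The dataset and field names are assumed from the Splunk CIM field reference, not from this page, and the time window is a constructed default.

```python
import ipaddress
import re

# Added illustration: CIM datasets (Model.Dataset) and the fields an IoC of each type is matched against.
# Dataset and field names follow the Splunk CIM field reference (an assumption, not taken from the page).
CIM_FIELDS = {
    "ip": [("Authentication.Authentication", ["src", "dest"]),
           ("Malware.Malware_Attacks", ["dest"]),
           ("Network_Resolution.DNS", ["src", "dest", "answer"]),
           ("Network_Sessions.All_Sessions", ["src_ip", "dest_ip"]),
           ("Network_Traffic.All_Traffic", ["src_ip", "dest_ip"]),
           ("Vulnerabilities.Vulnerabilities", ["dest"])],
    "domain": [("Network_Resolution.DNS", ["query", "answer"])],
    "hash": [("Endpoint.Processes", ["process_hash"]),
             ("Endpoint.Filesystem", ["file_hash"]),
             ("Malware.Malware_Attacks", ["file_hash"])],
    "url": [("Malware.Malware_Attacks", ["url"])],
}
# Order matters: hashes are tested before domains so a hex string is never taken for a hostname.
PATTERNS = [
    ("hash", re.compile(r"^(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})$", re.I)),
    ("url", re.compile(r"^https?://", re.I)),
    ("domain", re.compile(r"^(?=.{1,253}$)(?:[a-z0-9-]{1,63}\.)+[a-z]{2,63}$", re.I)),
]

def classify_ioc(value):
    """Return 'ip', 'hash', 'url' or 'domain'; raise ValueError for anything else."""
    value = value.strip()
    try:
        ipaddress.ip_address(value)
        return "ip"
    except ValueError:
        pass
    for kind, pattern in PATTERNS:
        if pattern.match(value):
            return kind
    raise ValueError(f"unrecognised IoC: {value!r}")

def spl_literal(value):
    """Quote a value as an SPL string literal so IoC text is never interpreted as SPL syntax."""
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'

def build_cim_searches(ioc, earliest="-7d"):
    """One accelerated tstats search per CIM dataset that can hold this IoC type."""
    kind, lit = classify_ioc(ioc), spl_literal(ioc)
    searches = {}
    for dataset, fields in CIM_FIELDS[kind]:
        obj = dataset.split(".")[1]  # tstats exposes fields as <Dataset>.<field>
        where = " OR ".join(f"{obj}.{f}={lit}" for f in fields)
        searches[dataset] = (f"| tstats summariesonly=true count min(_time) AS first_seen max(_time) AS last_seen"
                             f" from datamodel={dataset} where ({where}) earliest={earliest} by sourcetype")
    return searches
```

Events not yet mapped to a data model are outside these searches; that is the gap the raw SPL search mentioned above covers.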


Typical Users of Splunk Integration

  • SOCs and CERTs
  • Incident Response
  • Threat Analysts
  • Trust and Safety Teams

Integration Benefits

Seamlessly Start Investigations in a Simple, Visualized Graph

Cross-reference data points like IP addresses, domains, hashes, URLs, and other Indicators of Compromise (IoCs) with organization-wide internal intelligence stored in Splunk, directly from Maltego.

Supporting 7 CIM Data Models and More

The Maltego Splunk integration supports up to 7 Splunk Common Information Model (CIM) data models including Authentication, Malware, Network Traffic, Vulnerabilities, and more. Investigators can also perform Raw Searches using Splunk’s Search Processing Language to retrieve other events.

Automated Workflows Using Custom “Machines”

Automate standard investigative workflows to quickly bring in relevant IoCs and related intelligence with the click of a button using Maltego Machines. Help your analysts save time while performing in-depth threat investigations and increase their coverage, without sacrificing quality.

Combine Splunk with Other Threat Intelligence Feeds

Pivot from Splunk event data to data in other threat intelligence feeds such as VirusTotal, Intezer, AbuseIPDB, and more, all within the same graph. This is especially helpful for analysts assessing security incidents and starting remediation processes.

Leverage Splunk Integration for

Incident Response

Analyze and investigate Splunk alerts by exploring and visualizing details of Splunk events, network logs, timestamps, accounts, and more. Pivot directly from Splunk data to threat intelligence feeds to enrich your security analysis.

Vulnerability Assessment

Enrich information associated with Hash Entities and check for relevant Indicators of Compromise (IoCs) in Splunk to minimize investigative time and protect your organization's network.

Threat Hunting

Improve and automate your threat hunting process by pivoting from Threat Intelligence Reports to IoCs and Splunk events in minutes instead of hours, with the enrichment provided by our free and paid intelligence vendors.

Resources

Articles:

  • Siem-plify Your Investigations with Splunk and Maltego!
  • Automate Investigations with Maltego Machines – Part 2: Our New Cybersec & SOCMINT Machines
  • Investigator Toolkit January 2023: Cheat Sheets for Faster and Spot-on Workflows


About Maltego Technologies

Maltego empowers investigators worldwide to speed up and increase the precision of their investigations through easy data integration in a single interface, aided by powerful visualization and collaborative capabilities to quickly zero in on relevant information. Maltego is a proven tool that has empowered over one million investigations worldwide since its first launch in 2008. Due to its wide range of possible use cases, from threat intelligence to fraud investigations, Maltego is used by a broad audience, from security professionals and pen testers to forensic investigators, investigative journalists, and market researchers. Maltego Technologies GmbH is your partner for all Maltego products and the provider of all Maltego-related services.