By Maltego Technologies
Cross-reference IP addresses, domains, hashes, URLs, and other IOCs with internal intelligence.
Splunk Enterprise Integration for Maltego
Splunk is a software platform for monitoring, searching, analyzing, and visualizing machine-generated log data in real time. It provides insights into technology infrastructure, security systems, and business applications that help drive operational performance and business results.
The Splunk Enterprise integration for Maltego combines the benefits of the Splunk Common Information Model (CIM) with the investigative capabilities of link analysis. SOC teams, cyber security analysts, and threat analysts alike can easily query the following CIM data models:
- Network Resolution
- Network Sessions
- Network Traffic
Investigators can also run raw searches in Splunk’s Search Processing Language (SPL) to retrieve events that are not yet mapped to these data models.
Typical Users of Splunk Integration
- SOCs and CERTs
- Incident Response
- Threat Analysts
- Trust and Safety Teams