About Kaspersky Threat Intelligence Portal for Splunk Phantom

Support

Support for business applications

Kaspersky Threat Intelligence Portal for Splunk Phantom

August 23, 2019

ID 184492

Kaspersky Threat Intelligence Portal for Splunk Phantom is a Splunk Phantom app that allows you to look up threat intelligence information about IP addresses, URLs, domains, and hashes on Kaspersky Threat Intelligence Portal, and gives you access to Kaspersky Advanced Persistent Threat (APT) Intelligence reports.

Kaspersky Threat Intelligence Portal for Splunk Phantom has the following features:

Looking up indicators: IP addresses, URLs, domains, and hashes
Receiving Kaspersky APT Intelligence reports that contain information about high profile cyber-espionage campaigns
Receiving detailed information about indicators
The detailed information includes the link to the Kaspersky Threat Intelligence Portal page with full information about the indicator, the number of detection events related to the indicator, and the name of the APT report that mentions the indicator.

Kaspersky Threat Intelligence Portal for Splunk Phantom runs in the Splunk Phantom platform version 4.2.

Did you find this article helpful?

What can we do better?

Thank you for your feedback! You're helping us improve.

Join us on Telegram

Release info, latest updates in the support lifecycle and new articles