Splunk Enterprise

Intel (API v4)

Collects indicators and writes them to a Splunk index, which is then turned into a Splunk lookup. Also includes correlation features based on customer data that maps to the Splunk CIM.

Security Validation

Returns events generated by security technologies that write events to the SIEM and that match Mandiant Security Validation actions.

Also, in the Splunk App, information about Validation jobs is collected and made available for visualization and analysis.

Automated Defense

Data can be fetched in raw format. Querying Splunk can return the raw events as sent to Splunk.

Attack Surface Management

The Mandiant Advantage App uses the ASM API to push external assets and identified issues to Splunk Enterprise Security.