EclecticIQ Platform includes built-in integration with Splunk Enterprise, the leading platform for Operational Intelligence.
EclecticIQ Platform acquires cyber threat data in different formats from multiple sources; de-duplicates, normalizes, and enriches source data with additional contextual details; and feeds relevant information to Splunk Enterprise.
Splunk Enterprise, using a rule-based approach, analyzes and filters cyber threat data to identify the most relevant threats to your organization. Important sightings and alerts are then fed back into EclecticIQ Platform for automatic dissemination and analyst review.
The result of this process is a rich threat intelligence dataset that lets you efficiently tune the prevention and detection rules in your SIEM.
The Splunk App for EclecticIQ Platform ships with a default set of dashboard gauges that make it easier for Splunk users to monitor feed data collection, and to analyze and triage any Indicators of Compromise (IOCs) the data analysis may yield.