Configure Cyware Intel Exchange in Splunk
The Cyware Intel Exchange app integrates Intel Exchange threat intelligence workflows into Splunk, enabling you to ingest, correlate, and act on indicator data efficiently. Use this app to view dashboards, perform searches, and run indicator-related actions directly within your Splunk environment.
Supported Versions
Cyware Intel Exchange for Splunk - v4: This uses a KV Store–based architecture to ingest and correlate indicators, enrich detections, perform workflow actions, automate legacy data migration, and provide monitoring dashboards. For more information, see Cyware Intel Exchange App for Splunk – v4.
Cyware Intel Exchange for Splunk - v3: This enables polling indicators, updating lookup tables, storing logs and lookups, and replacing existing IOCs to prevent duplication. For more information, see Cyware Intel Exchange App for Splunk - v3.