building-threat-intelligence-enrichment-in-splunk
mukul975/Anthropic-Cybersecurity-Skills
This guide details how to build automated threat intelligence enrichment pipelines within Splunk Enterprise Security. By leveraging the Threat Intelligence Framework, users can ingest, normalize, and correlate Indicators of Compromise (IOCs) from diverse external sources (such as TAXII, CSV, and custom APIs). The process uses KV Store collections and lookup searches to enrich raw security events with critical threat context, significantly reducing triage time for SOC teams.
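As an added, stand-alone illustration of the ingest, normalize and enrich flow described above (not code from the guide or from Splunk), the Python below merges a CSV feed and two STIX-style indicators of the kind a TAXII collection returns into one deduplicated indicator set, then enriches sample events with it the way an automatic lookup against a KV Store threat collection would. The feed contents, the event fields (`src_ip`, `dest_host`) and the output field names (`threat_key`, `threat_description`) are constructed assumptions, not the framework's own schema.

```python
import csv
import io
import re
# Constructed sample feeds (not real indicators): a CSV export and two STIX 2
# indicator patterns of the kind a TAXII collection returns.
CSV_FEED = """indicator,type,description
203.0.113.7,ip,scanner seen in honeypot
bad.example.net,domain,phishing landing page
"""
STIX_INDICATORS = [
    {"pattern": "[ipv4-addr:value = '198.51.100.9']", "name": "c2 beacon"},
    {"pattern": "[domain-name:value = 'bad.example.net']", "name": "phish kit"},
]
STIX_RE = re.compile(r"\[(ipv4-addr|domain-name):value = '([^']+)'\]")
STIX_TYPES = {"ipv4-addr": "ip", "domain-name": "domain"}

def normalize(csv_text, stix_indicators):
    """Merge both feeds into {(type, value): record}, one record per indicator."""
    records = {}
    def add(kind, value, source, description):
        rec = records.setdefault((kind, value.strip().lower()),
                                 {"threat_key": [], "description": description})
        rec["threat_key"].append(source)  # remember every feed that reported it
    for row in csv.DictReader(io.StringIO(csv_text)):
        add(row["type"], row["indicator"], "csv_feed", row["description"])
    for ind in stix_indicators:
        m = STIX_RE.fullmatch(ind["pattern"])
        if m:  # unsupported pattern shapes are skipped, not guessed at
            add(STIX_TYPES[m.group(1)], m.group(2), "taxii_feed", ind["name"])
    return records

def enrich(events, records):
    """Attach threat context to each event, as an automatic lookup would."""
    out = []
    for ev in events:
        hit = (records.get(("ip", ev.get("src_ip", "").lower()))
               or records.get(("domain", ev.get("dest_host", "").lower())))
        enriched = dict(ev, threat_match=bool(hit))
        if hit:
            enriched["threat_key"] = ",".join(hit["threat_key"])
            enriched["threat_description"] = hit["description"]
        out.append(enriched)
    return out
# Constructed sample events standing in for raw proxy or firewall logs.
EVENTS = [
    {"src_ip": "203.0.113.7", "dest_host": "intranet.example.com"},
    {"src_ip": "192.0.2.5", "dest_host": "BAD.example.net"},
    {"src_ip": "192.0.2.6", "dest_host": "cdn.example.org"},
]
```

Indicators are lower-cased on both sides so that a hostname logged in a different case still matches, and an indicator seen in several feeds keeps every source in `threat_key` rather than the last one to load.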