Where is it used?
  • Splunk can start a Cyber Triage endpoint investigation when an alert is generated.
  • Cyber Triage results can be imported into Splunk so that the data is available for future alert triage.
Why is it useful?
  • Allows users to more quickly start the investigation and makes the best use of responder’s time.
  • Users will have more context when they investigate similar alerts in the future. They will know how common a process is or where else it was seen, for example.
Visit site