TISC integration with Splunk
The integration between the Threat Intelligence Security Center (TISC) and Splunk lets you filter and pull relevant threat intelligence observables data into Splunk.In Splunk, you can use this data to generate security alerts.
Role required: Splunk admin
Using the TISC add-on application, you can configure the interval at which you can pull observables from ServiceNow TISC instance.
This interval determines how frequently the application can make requests to ServiceNow and retrieve the observables data. Define and apply filters to specify the observables to pull from the ServiceNow TISC instance.
After the observables are pulled from ServiceNow, the observables data is stored in Splunk Key-Value Store (KV Store) and you can further write the correlation rules over the set of observables retrieved.