Level-up Splunk with Silent Push IOFA™ data 

A U.S.-based finance company struggled to correlate the large volume of threat intelligence data flowing into its SIEM, which led to alert fatigue and reduced analyst productivity. To address this, the company integrated Silent Push with Splunk, gaining enriched threat data that gave analysts better context and allowed quicker responses to potential threats. The integration reduced false positives and improved operational metrics such as Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR).

Affected sector: finance

Key points:

  • A leading U.S. finance company struggled with correlating large amounts of threat intelligence data using Splunk.
  • The organization aimed to reduce alert fatigue and improve productivity by minimizing false positives.
  • Integration of Silent Push with Splunk was implemented to enhance data correlation.
  • Silent Push offers enriched threat data for both starting new investigations and corroborating existing findings.
  • Key data types include domain risk scores, WHOIS information, reputation scores, and IOFA™ feeds.
  • The solution allowed for quicker monitoring and blocking of known and hidden threat infrastructures.
  • Custom dashboards provided a comprehensive view of the attack landscape and validated new indicators.
  • Improvements in key operational metrics such as MTTD and MTTR were realized post-integration.

MITRE Techniques:

  • Prevention (T1571): Leveraging integration to prevent attacks before they manifest.
  • Data Enrichment (T1071.001): Utilizing Silent Push to enrich threat data with domain and IP context.
  • Threat Intelligence Integration (T1405): Correlating Silent Push data with existing Splunk threat intelligence sources for complete visibility.

Indicators of Compromise:

  • [Domain] malicious-infrastructure.com
  • [IP Address] 192.168.1.1
  • [Email Address] [email protected]
  • [Domain] hidden-threats.com
  • [Domain] known-malicious.com
Full Story: https://www.silentpush.com/blog/splunk-integration/?utm_source=rss&utm_medium=rss&utm_campaign=splunk-integration