
OpenCTI Add-on for Splunk

SIEM & Analytics

Overview

The OpenCTI Add-on for Splunk enables real-time indicator ingestion through live streams and allows analysts to trigger OpenCTI actions directly from Splunk alerts.

The OpenCTI Add-on for Splunk allows users to interconnect their Splunk environment with the OpenCTI platform. This integration enables security teams to enhance their detection and response workflows by leveraging OpenCTI's threat intelligence directly within Splunk.

Key capabilities include:

  • Live Stream Indicator Ingestion: Ingest indicators exposed through OpenCTI live streams in real time, so your Splunk environment continuously receives the latest threat intelligence
  • Alert-based Actions: Trigger OpenCTI actions in response to Splunk alerts, enabling automated threat intelligence operations based on security events detected in your SIEM
  • Direct Investigation in OpenCTI: Investigate alerts directly in the OpenCTI platform from Splunk, giving analysts immediate access to enriched threat context and collaborative investigation capabilities

Basic information

  • Filigran
  • Nino Rowlands
  • Third party integrations
  • Detection (SIEM, XDR & EDR)
  • January 26, 2026
  • 6.2.0