Security Programs • Room 1

Threat Intelligence Framework

Integrating external intelligence feeds ensures your detections catch known bad actors instantly.

The Threat Intelligence framework handles download, parsing, and KV store ingestion automatically for formats like STIX, TAXII, and CSV.

Knowledge Check

Prove your understanding to clear the room (Rewards XP)

❤️❤️❤️

Question 1 of 1

Which underlying Splunk technology stores the indicators of compromise downloaded by the Threat Intelligence Framework so they can be rapidly searched?

AThe default `main` index

BKV Store Collections

CA dedicated Oracle database

DThe local filesystem `/tmp` directory