Search and Update Splunk Notable with VirusTotal Enrichment with case management and Microsoft Teams notification

This Story runs when Splunk Correlated Alert fires off in Splunk ES. It will auto-assign a notable event to the progress status, owner, and comment of your choosing. The story demonstrates how to enrich an IP from the Notable in VirusTotal, open a Tines case, and write VirusTotal votes back into the Splunk notable. The analyst will have the option to push the Tines case to ServiceNow through a Tines page upon request.

Tools

Microsoft Teams, Splunk, VirusTotal

How it works

Import this story to your tenant, from where you can adapt it to meet your unique needs.

Import

Was this story helpful?

Get to know Tines

Meet the product

Features & capabilities

Cases

Workbench

AI in Tines

Build apps

What’s new?

Solutions

By product

Professional services

By team

Tines for

Partners

Blog

Tines Blog →

Discover & Learn

Case studies

Library

University

Tines Explained ^↗

Customer center

Join the team

Careers

Company

About

Tines Store ^↗