# Splunk App - ThreatBook TI

# ThreatBook TI for Splunk

**ThreatBook TI for Splunk** seamlessly integrates with your Splunk environment to provide continuous, high-fidelity threat intelligence enrichment. By connecting to ThreatBook's global intelligence APIs, security operations teams can easily identify, analyze, and pivot on malicious IPs, domains, URLs, and file hashes directly within their Splunk workflows.

## Download & Installation

You can download the app directly from our official Splunkbase page:
👉 **[ThreatBook TI on Splunkbase](https://splunkbase.splunk.com/app/8541)**

## Core Capabilities

### 1. On-Demand SPL Enrichment

Leverage powerful custom SPL commands (`tbcti`) to dynamically query ThreatBook APIs and enrich your security logs in real time, aiding rapid incident triage.

<img src="https://mintcdn.com/secai-a5d02ac5/Ow9lZozyPucayCah/images/splunkApp/spl_enrichment.png?fit=max&auto=format&n=Ow9lZozyPucayCah&q=85&s=525862fd772ba47f78830fd2bec468c4" alt="" style={{margin: '0 auto', maxWidth: '100%'}} width="3592" height="1802" data-path="images/splunkApp/spl_enrichment.png" />

### 2. Automated Correlation Tasks

Configure periodic, automated index scanning or Splunk CIM Data Model correlation without writing complex code. Proactively hunt for historical and emerging threats in the background.

<img src="https://mintcdn.com/secai-a5d02ac5/Ow9lZozyPucayCah/images/splunkApp/correlation_tasks.png?fit=max&auto=format&n=Ow9lZozyPucayCah&q=85&s=b8d4f22a5a54df44bdfe59b98c8fb52a" alt="" style={{margin: '0 auto', maxWidth: '100%'}} width="3582" height="1752" data-path="images/splunkApp/correlation_tasks.png" />

### 3. Comprehensive Analytics Dashboard

Utilize out-of-the-box analytical dashboards that visualize your organization's threat landscape. Gain deep visibility into IP behaviors, malware families, and malicious domains tied to your infrastructure.

<img src="https://mintcdn.com/secai-a5d02ac5/Ow9lZozyPucayCah/images/splunkApp/analytics_dashboard.png?fit=max&auto=format&n=Ow9lZozyPucayCah&q=85&s=e951cedb9714e4527d0c07781ea9e05f" alt="" style={{margin: '0 auto', maxWidth: '100%'}} width="3574" height="1906" data-path="images/splunkApp/analytics_dashboard.png" />

### 4. Efficient Caching & Enterprise Readiness

Built with enterprise environments in mind, the app features a highly customizable local KVStore cache to accelerate analytics and reduce redundant API calls, along with full proxy support and compatibility with Search Head and Indexer Clusters.

<img src="https://mintcdn.com/secai-a5d02ac5/Ow9lZozyPucayCah/images/splunkApp/app_configuration.png?fit=max&auto=format&n=Ow9lZozyPucayCah&q=85&s=231f1a4821c2e479f429e010c05e1e52" alt="" style={{margin: '0 auto', maxWidth: '100%'}} width="3594" height="1816" data-path="images/splunkApp/app_configuration.png" />

## Get Started

1. Download the App from [Splunkbase](https://splunkbase.splunk.com/app/8541).
2. Deploy it to your Splunk instance (Standalone, Indexer Cluster, or Search Head Cluster).
3. Navigate to the App configuration settings and input your ThreatBook API key to begin enriching your data.

*For comprehensive instruction guides, please refer to the detailed user manuals available from the ThreatBook team.*
