
Automate threat analysis of suspected malware and credential phishing threats. Identify and extract associated forensics for accurate and timely detections.
Vendor: Splunk, a Cisco company
How it works
Take the manual work out of threat analysis
Splunk Attack Analyzer automatically performs the actions required to fully execute an attack chain, including clicking and following links, extracting attachments and embedded files, dealing with archives, and much more.
Gain consistent, comprehensive, high-quality threat analysis
The proprietary technology safely executes the intended threat, while providing analysts a consistent, comprehensive view showing the technical details of an attack.
Intelligent automation for end-to-end threat analysis and response
When paired together, Splunk Attack Analyzer and Splunk SOAR provide unique, world-class analysis and response capabilities, making the SOC more effective and efficient in responding to current and future threats.
Features
Leverage multiple layers of detection techniques across both credential phishing and malware.
Interact with malicious content
Seamlessly generate dedicated, non-attributable environments within Splunk Attack Analyzer in order to access malicious content, URLs and files - without compromising the safety of the analyst or enterprise.
View detailed threat forensics
Access the technical details of attacks, including a point-in-time archive of threat artifacts from the time of reporting.
Integrate directly with Splunk SOAR
Fully automate a complete end-to-end threat analysis and response workflow.
Uplevel threat hunting capabilities
Seamlessly investigate suspected threats by automatically accessing associated technical context, without wasting time.
Follow and analyze complex attack chains
Visualize the attack chain without requiring security analysts to conduct manual work.
Access to a comprehensive API
Integrate threat data into other platforms.