Resolve phishing and malware threats quickly and efficiently
90%
faster resolution of phishing alerts1
75%
reduced analysis time2
~0
false positives in six months3
Security
Splunk Attack Analyzer
Gain automated, comprehensive, end-to-end threat analysis and response to accelerate investigating and remediating active threats.
HOW IT WORKS
Driving immediate insights into active threats
Take the manual work out of threat analysis
Unlike other analysis tools that require manual workflows, Splunk Attack Analyzer automatically follows and performs the actions required to fully execute an attack chain, including clicking and following links, extracting attachments and embedded files, dealing with archives, and much more.
Gain consistent, comprehensive, high-quality threat analysis
The proprietary technology safely executes the intended threat, while providing analysts with a consistent, comprehensive view of the attack’s steps and technical details.
Intelligent automation for end-to-end threat analysis and response
When security teams pair Splunk Attack Analyzer with Splunk SOAR, they gain unique, world-class analysis and response capabilities, making the SOC more efficient and effective in responding to current and future threats.
Get instant insights into malware behavior with AI-powered analysis
The AI-powered malware threat reversing agent instantly summarizes threats — including high-level malware behavior insights and disposition recommendations — and accelerates triage and remediation with step-by-step breakdowns of malicious scripts.
Customer Story
SFBLI Boosts Efficiency and Strengthens Security Posture with Splunk Attack Analyzer
It was a night and day difference between what our current sandboxes were doing and what Splunk Attack Analyzer was doing for us.
75%
reduced analysis time
70%
decrease in file scan time
Customer Story
Splunk SOC Achieves a 7-Minute MTTD for Phishing Attacks With Splunk Attack Analyzer, Splunk SOAR
When we’re dealing with something weird and nebulous and unknown, Attack Analyzer is one of the first tools in the tool belt that we use to help clear up the fog.
90%
faster resolution of phishing alerts
Features
Reduce investigation and response times
Give analysts the context they need to quickly understand the full scope of an incident and determine the appropriate response.
Follow and analyze complex attack chains
Visualize the attack chain without requiring security analysts to conduct manual work.
View detailed threat forensics
Access the technical details of attacks, including a point-in-time archive of threat artifacts from the time of reporting.
Interact with malicious content
Seamlessly generate dedicated, non-attributable environments within Splunk Attack Analyzer to access malicious content, URLs, and files — without compromising the safety of the enterprise.
Integrate directly with Splunk SOAR
Fully automate a complete end-to-end threat analysis and response workflow.
Access a comprehensive API
Integrate threat data into other platforms.
INTEGRATION WITH CISCO TALOS THREAT INTELLIGENCE
Detect ephemeral threats with Cisco Talos intelligence
Frequently asked questions
Splunk Attack Analyzer is a standalone solution dedicated to malware and phishing analysis, whereas Automated Threat Analysis is a native capability built directly into Enterprise Security (ES) Premier. Automated Threat Analysis brings many core threat analysis capabilities that originated in Splunk Attack Analyzer directly into ES Premier, with additional feature enhancements planned for future releases.
Splunk Attack Analyzer automates analysis of suspected malware and credential phishing threats. Unlike other analysis tools that require manual workflows, the solution automatically follows and analyzes each step in complex attack chains to identify and extract forensics and render a verdict to help analysts understand active threats and accelerate investigations.
Splunk Security
Strengthen digital resilience by modernizing your SOC with unified threat detection, investigation, and response.
