Splunk SOAR | Use | Ingest

If you have set up an Outgoing feed in EclecticIQ Intelligence Center (EIQ IC), you can schedule the On-Poll action to run that feed and ingest the Entities and Observables on it into Splunk SOAR as Events and Artifacts.

For Entities converted to Events, the following logic is used:

  • Event Title is based on Entity Type and Name.

  • Event Severity is based on Entity Impact.

  • Event Sensitivity is based on Entity TLP.

Observables related to an ingested Entity are ingested as Artifacts and attached to that Entity's Event.
Each Artifact retains the Observable's Value and Maliciousness.
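The mapping above, as an added example in Python; this is not EclecticIQ's or Splunk's own code. The field names on the Entity and Observable records (type, name, impact, tlp, observables, value, maliciousness), the Impact-to-severity table and the fallbacks for missing values are assumptions; only the TLP-to-sensitivity table rests on the fact that Splunk SOAR sensitivity uses the TLP colour names. The sample feed is constructed.

```python
# Added example (not EclecticIQ's or Splunk's own code): illustrates the
# Entity -> Event and Observable -> Artifact mapping described on this page.
# Field names (type, name, impact, tlp, observables, value, maliciousness),
# the impact table and the fallback values are assumptions, not the app's schema.

# Assumed mapping from EIQ Entity Impact to Splunk SOAR Event severity.
IMPACT_TO_SEVERITY = {"high": "high", "medium": "medium", "low": "low"}
# Splunk SOAR container sensitivity uses the TLP colour names, so the
# Entity TLP maps across one-to-one.
TLP_TO_SENSITIVITY = {"RED": "red", "AMBER": "amber", "GREEN": "green", "WHITE": "white"}


def entity_to_event(entity):
    """Build the Event (SOAR container) fields for one EIQ Entity."""
    impact = str(entity.get("impact", "")).lower()
    tlp = str(entity.get("tlp", "")).upper()
    return {
        # Title combines Entity Type and Name.
        "name": f"{entity['type']}: {entity['name']}",
        # Severity follows Entity Impact; an unknown impact falls back to medium.
        "severity": IMPACT_TO_SEVERITY.get(impact, "medium"),
        # Sensitivity follows Entity TLP; a missing or unknown TLP is treated
        # as amber so the Event is not accidentally marked shareable.
        "sensitivity": TLP_TO_SENSITIVITY.get(tlp, "amber"),
        # Keep the Entity id so repeated polls can be deduplicated.
        "source_data_identifier": entity["id"],
    }


def observable_to_artifact(observable):
    """Build the Artifact for one Observable; Value and Maliciousness are kept."""
    return {
        "name": observable["type"],
        "cef": {
            "value": observable["value"],
            "maliciousness": observable.get("maliciousness", "unknown"),
        },
    }


def ingest_feed(entities):
    """Convert every Entity on a polled feed into an Event with its Artifacts."""
    events = []
    for entity in entities:
        event = entity_to_event(entity)
        event["artifacts"] = [
            observable_to_artifact(obs) for obs in entity.get("observables", [])
        ]
        events.append(event)
    return events


# Constructed sample of what one polled Outgoing feed might contain.
SAMPLE_FEED = [
    {
        "id": "indicator-0001",
        "type": "Indicator",
        "name": "Phishing kit staging host",
        "impact": "High",
        "tlp": "AMBER",
        "observables": [
            {"type": "domain", "value": "login-example.invalid", "maliciousness": "high"},
            {"type": "ipv4", "value": "203.0.113.10", "maliciousness": "medium"},
        ],
    },
    {
        # Entity with no impact, no TLP and no Observables: exercises the fallbacks.
        "id": "ttp-0002",
        "type": "TTP",
        "name": "Credential harvesting",
        "observables": [],
    },
]

if __name__ == "__main__":
    for event in ingest_feed(SAMPLE_FEED):
        print(event["name"], event["severity"], event["sensitivity"], len(event["artifacts"]))
```

The second sample Entity shows why the fallbacks matter: a record without Impact or TLP still produces a usable Event, and defaulting an unknown TLP to amber rather than white keeps the Event from being treated as freely shareable.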