Splunk SOAR | Use | Enrich
You can enrich the Observable types in the table below in Splunk SOAR with information from your EclecticIQ Intelligence Center (EIQ IC). To do so, choose the action corresponding to the type of the Observable you want to enrich and provide its value.
Splunk SOAR Artifact | EIQ IC Observable |
---|---|
Domain reputation | domain |
Email reputation | |
File reputation | file, hash-md5, hash-sha1, hash-sha256, hash-sha512 |
IP reputation | IPv4 |
URL reputation | uri |
If the Observable is present in EIQ IC, the response to your enrichment will contain the Observable’s Maliciousness, Source, Created at date and time, as well as the direct URL to this Observable in EIQ IC.