Splunk Intelligence Management API

The Splunk Intelligence Management (formerly ThreatStream) API provides REST v2.0 endpoints for managing threat intelligence data including indicators, observables, and intelligence sources. It supports STIX and TAXII formats for sharing cyber threat intelligence over HTTPS.

API entry from apis.yml

aid: splunk:splunk-intelligence-management-api
name: Splunk Intelligence Management API
description: The Splunk Intelligence Management (formerly ThreatStream) API provides REST v2.0 endpoints
  for managing threat intelligence data including indicators, observables, and intelligence sources. It
  supports STIX and TAXII formats for sharing cyber threat intelligence over HTTPS.
humanURL: https://docs.splunk.com/Documentation/SIM/current/Develop/RESTv20
tags:
- Indicators
- Security
- STIX
- TAXII
- Threat Intelligence
properties:
- type: Documentation
  url: https://docs.splunk.com/Documentation/SIM/current/Develop/RESTv20
- type: Documentation
  url: https://docs.splunk.com/Documentation/SIM/current/User/Threatintelsources
  title: Threat Intel Sources
- type: Documentation
  url: https://docs.splunk.com/Documentation/SIM/current/Intro/UsagePolicy
  title: Usage Policy