
Splunk Assets CDF
Overview
The Splunk Assets CDF integration queries Splunk to ingest assets and identities related to sighting events. If the sighting events were already ingested into ThreatQ using the ThreatQuotient App for Splunk, the assets and identities will be related to those events.
The integration provides the following feed:
- Splunk Assets - ingests assets and identities related to sighting events.
The integration ingests the following object types:
- Assets
- Events
- Identities
- Indicators