Retrieving APT Intelligence reports
After you get the reputation of an indicator, you can retrieve a related APT report by using Kaspersky Threat Intelligence Portal for Splunk Phantom.
To retrieve an APT report from Kaspersky Threat Intelligence Portal,
In the form that contains the response from Kaspersky Threat Intelligence Portal about the indicator, expand get reports and click the identifier of a report.
The APT report data is now displayed in Splunk Phantom.
APT report information
The table below describes APT report data that Splunk Phantom displays.
APT report data
KL TIP response field |
Splunk Phantom field |
Description |
name |
APT Report name |
APT report name. |
- |
APT Report link |
Link to the APT report in Kaspersky Threat Intelligence Portal. |
desc |
APT Report description |
APT report description. |
tags_geo |
APT Report GEO tag |
Data contained in the |
tags_industry |
APT Report industry tag |
Data contained in the |
tags_actors |
APT Report actors tag |
Data contained in the |