Part 1: Obtain a Threat Intelligence Management (Cloud) tenant

Follow these steps to obtain a tenant:

  1. Choose an AWS region for the Threat Intelligence Management (Cloud) tenant to reside in.
    See Threat Intelligence Management (Cloud) availability to find the available regions.
    Note: If your organization is unable to use any of the currently supported regions, communicate your desired AWS region to your Splunk representatives. Wait to complete the tenant request process until after that region is supported. It’s not possible to create a new tenant for the same organization in a different region, and it’s not possible to migrate a tenant from one region to another.
  2. Contact your Splunk account management team and request to initiate the process for obtaining a tenant.
    Communicate your AWS region preference to your account management team.
  3. Complete any additional required forms as instructed by your Splunk account management team.
  4. Confirm with your Splunk account management team the user designated as the authorized “ship-to” contact for your organization.
    Note: Wait for the Splunk Cloud Services system to send the tenant welcome email to the “ship-to” contact. The “ship-to” contact is often someone in your organization’s legal, accounting, or finance department, and not a member of the security team.
  5. Notify the “ship-to” contact that they’ll receive an email from Splunk welcoming them to a Splunk Cloud Services tenant.
    You’ll need their assistance completing the following steps after they receive the email.
  6. Ensure the “ship-to” contact completes the following steps:
    1. Log in to the Splunk Cloud Services tenant.
    2. Create admin accounts in the tenant for the appropriate security team members.
      Doing so allows them to manage threat intelligence tools. See Add an admin to your Splunk Cloud Services tenant.
      Note: The welcome email expires 30 days after it’s sent. As an administrator, you must complete the pairing process before the email expires. Otherwise, you must submit a support ticket to request another welcome email.
  7. (Optional) Delete the Splunk Cloud Services admin account for the “ship-to” contact if your organization doesn’t want to grant them admin-level access to the tenant.
    You no longer need their Splunk Cloud Services user account in the tenant.

After you’ve obtained a Threat Intelligence Management (Cloud) tenant, begin Part 2: Pair in Splunk Enterprise Security.