After a Splunk Enterprise Security deployment is paired with the Threat Intelligence Management (Cloud) system, the app sends all observables found in findings and investigations to the Threat Intelligence Management (Cloud) system and searches for threat intelligence enrichment about those observables. If the use and search of all observables is not acceptable or allowed by your organization, do not request access to the Threat Intelligence Management (Cloud) system.

See Splunk’s Product Compliance Programs for information about the compliance certifications and attestations applicable to the Threat Intelligence Management (Cloud) system. If your organization and Splunk Enterprise Security deployment requires cloud services with compliance standards not met by Threat Intelligence Management (Cloud), do not access or use the Threat Intelligence Management (Cloud) system.