Hi jawaharas, yes, your understanding is correct.
When we get a mail from the "Threat hunt team" with details like attack name, attack sources, IOCs, hash files, attack description, and recommendation.
That mail needs to be integrated with Splunk: whenever we get a mail in our Outlook, that mail needs to get to Splunk, and Splunk needs to create an alert based on the data collected and the files attached to the mail. And these IOCs need to be monitored by Splunk, and we need an alert whenever there is traffic observed by Splunk.
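As an added illustration of the flow described in the post above (this is example code, not part of the original post and not the poster's environment): a Python script that parses such a threat-hunt notification mail, refangs and extracts the IOCs from the body and the attached file, and renders them as a Splunk lookup CSV. The search at the end shows one way to alert when observed traffic matches that lookup. The mail is constructed inline, and the lookup name, index, sourcetype and field names in the search are assumptions.

```python
import csv
import io
import re
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# IOC types a threat-hunt mail typically carries (assumed TLD list for domains).
IOC_PATTERNS = {
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "sha256": re.compile(r"\b[a-fA-F0-9]{64}\b"),
    "md5": re.compile(r"\b[a-fA-F0-9]{32}\b"),
    "domain": re.compile(r"\b(?:[a-z0-9-]+\.)+(?:com|net|org|io|ru|xyz)\b", re.I),
}
# Free-text fields from the mail body that are worth keeping alongside the IOCs.
FIELD_RE = re.compile(r"^(Attack name|Attack source|Description|Recommendation):\s*(.*)$", re.M)


def build_sample_mail() -> bytes:
    """Constructed threat-hunt notification (sample data, not a real alert)."""
    msg = EmailMessage()
    msg["From"] = "threat-hunt@example.com"
    msg["To"] = "soc@example.com"
    msg["Subject"] = "[Threat Hunt] Attack: FakeLoader campaign"
    msg.set_content(
        "Attack name: FakeLoader\n"
        "Attack source: phishing\n"
        "Description: loader contacting C2 over HTTPS.\n"
        "Recommendation: block listed IOCs.\n"
        "See attached IOC list.\n"
    )
    # Defanged indicators, as threat-hunt teams usually send them.
    iocs = (
        "203.0.113.10\n"
        "198[.]51[.]100[.]7\n"
        "hxxp://bad-loader[.]example[.]net/payload\n"
        "d41d8cd98f00b204e9800998ecf8427e\n"
        "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\n"
    )
    msg.add_attachment(iocs.encode(), maintype="text", subtype="plain", filename="iocs.txt")
    return msg.as_bytes()


def refang(text: str) -> str:
    """Undo the usual defanging so the regexes see real indicators."""
    return text.replace("[.]", ".").replace("hxxp", "http")


def extract_iocs(text: str) -> dict:
    """Return {ioc_type: sorted unique indicators} found in text."""
    text = refang(text)
    return {kind: sorted({m.lower() for m in pat.findall(text)}) for kind, pat in IOC_PATTERNS.items()}


def parse_threat_mail(raw: bytes) -> dict:
    """Decode every non-multipart MIME part (body and attachments) and harvest fields and IOCs."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    texts = []
    for part in msg.walk():
        if part.get_content_maintype() == "multipart":
            continue
        payload = part.get_payload(decode=True)  # bytes, transfer-encoding removed
        if payload:
            texts.append(payload.decode("utf-8", "replace"))
    joined = "\n".join(texts)
    fields = {k: v.strip() for k, v in FIELD_RE.findall(joined)}
    return {"subject": msg["Subject"], "fields": fields, "iocs": extract_iocs(joined)}


def to_lookup_csv(parsed: dict) -> str:
    """Render the IOCs as a Splunk lookup table (columns: ioc, ioc_type, attack_name)."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(["ioc", "ioc_type", "attack_name"])
    attack = parsed["fields"].get("Attack name", "")
    for kind, values in parsed["iocs"].items():
        for value in values:
            writer.writerow([value, kind, attack])
    return buf.getvalue()


# Assumed alert search: lookup name, index, sourcetype and field names are placeholders
# to adapt to the real environment. Saved as an alert, it fires when traffic hits an IOC.
SPLUNK_ALERT_SEARCH = """
index=network sourcetype=firewall
| eval ioc=coalesce(dest_ip, dest_host)
| lookup threat_hunt_iocs.csv ioc OUTPUT ioc_type attack_name
| where isnotnull(attack_name)
| stats count earliest(_time) AS first_seen latest(_time) AS last_seen BY src_ip ioc ioc_type attack_name
"""

if __name__ == "__main__":
    parsed = parse_threat_mail(build_sample_mail())
    print(parsed["subject"], parsed["fields"])
    print(to_lookup_csv(parsed))
    print(SPLUNK_ALERT_SEARCH)
```

The CSV is what would be uploaded (or written by a scripted input) as the lookup the search reads; hash IOCs are matched against a file-event source rather than firewall traffic, so a second search keyed on file_hash would cover those rows.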