Security Operations Centers (SOCs) use SIEMs, and tools such as Splunk that include SIEM functionality, for several use cases, including monitoring alerts and notifications, correlating information from multiple security data sources, and facilitating forensic investigations. By integrating analysis data from a malware sandbox, SOCs and CIRTs (Computer