https://community.splunk.com/t5/Knowledge-Management/Splunk-ES-Threat-Intelligence/m-p/363704#M5505 <P>My question is in regards to the KVs in splunk ES.<BR /> Since i am not a admin just a user, I have uploaded few Look up tables and outputting them into the local_http_ip or local_ip_intel file. I am able to do that successfully. Now my question is does http_intel or ip_intel suppose to automatically pull that information from the local csv? IF so, then how often is supposed to do that. </P> <P>Also, I have found another way of uploading my csv by configure&gt;data enrich&gt; Threat intel uploads. It get uploaded to he KV store and i can see event being generated in threat intel activity platfom but the issue with that it does not provide to much content about the IOCs. where in the csv i have information about the IOC. </P> <P>Does anyone know a better way of doing this? </P> Tue, 29 Sep 2020 17:59:46 GMT AbubakarShahid 2020-09-29T17:59:46Z https://community.splunk.com/t5/Knowledge-Management/Splunk-ES-Threat-Intelligence/m-p/363704#M5505 <P>My question is in regards to the KVs in splunk ES.<BR /> Since i am not a admin just a user, I have uploaded few Look up tables and outputting them into the local_http_ip or local_ip_intel file. I am able to do that successfully. Now my question is does http_intel or ip_intel suppose to automatically pull that information from the local csv? IF so, then how often is supposed to do that. </P> <P>Also, I have found another way of uploading my csv by configure&gt;data enrich&gt; Threat intel uploads. It get uploaded to he KV store and i can see event being generated in threat intel activity platfom but the issue with that it does not provide to much content about the IOCs. where in the csv i have information about the IOC. </P> <P>Does anyone know a better way of doing this? </P> Tue, 29 Sep 2020 17:59:46 GMT https://community.splunk.com/t5/Knowledge-Management/Splunk-ES-Threat-Intelligence/m-p/363704#M5505 AbubakarShahid 2020-09-29T17:59:46Z