I installed the app and added the key in scorelookup.py.
What to do next?
I tried a search "dstport 80 | rename srcip as clientip" and don't have the threatscore field.
Any idea?
You also need to define dst_port=80 with =; that is Splunk's common search syntax.
dst_port=80 | lookup threatscore clientip as src_ip
No renaming is required if you write "as src_ip".