Hi, Can somebody suggest a threat intel app available (apary from ES) which allows us to add our IOCs for searching matching events.
Thanks.
There appear to be several options on Splunkbase, but it'll depend upon the format your IOCs are created in. One that stands out is SA-Splice for ingesting STIX 1.1, CybOX 2.1, OpenIOC 1.0 and 1.1 formats. A quick search on Splunkbase for "IOC" should give you plenty to work with.
Good luck!
There appear to be several options on Splunkbase, but it'll depend upon the format your IOCs are created in. One that stands out is SA-Splice for ingesting STIX 1.1, CybOX 2.1, OpenIOC 1.0 and 1.1 formats. A quick search on Splunkbase for "IOC" should give you plenty to work with.
Good luck!