All Apps and Add-ons

Which Splunk Threat Intelligence app in splunkbase lets us add our own IoC/ data for searching?

swapsplunk236
Explorer

Hi, Can somebody suggest a threat intel app available (apary from ES) which allows us to add our IOCs for searching matching events.

Thanks.

0 Karma
1 Solution

ekost
Splunk Employee
Splunk Employee

There appear to be several options on Splunkbase, but it'll depend upon the format your IOCs are created in. One that stands out is SA-Splice for ingesting STIX 1.1, CybOX 2.1, OpenIOC 1.0 and 1.1 formats. A quick search on Splunkbase for "IOC" should give you plenty to work with.

Good luck!

View solution in original post

ekost
Splunk Employee
Splunk Employee

There appear to be several options on Splunkbase, but it'll depend upon the format your IOCs are created in. One that stands out is SA-Splice for ingesting STIX 1.1, CybOX 2.1, OpenIOC 1.0 and 1.1 formats. A quick search on Splunkbase for "IOC" should give you plenty to work with.

Good luck!

Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...