Archive

How to create a rule that does a search against phishtank.com

Explorer

basically i want to be able to search if users have visited sites that are listed in phishtank.

Tags (1)
Highlighted

Re: How to create a rule that does a search against phishtank.com

SplunkTrust
SplunkTrust

Sounds like a job for a scripted lookup. Write a script that performs a query against whatever API phishtank has, and set that up as a lookup for your data.

0 Karma
Highlighted

Re: How to create a rule that does a search against phishtank.com

Path Finder

This would make a great TA. If I have time I might even have a go a writing one myself.

0 Karma
Highlighted

Re: How to create a rule that does a search against phishtank.com

Splunk Employee
Splunk Employee

The Phishing Lookup app will enable this use case for you.

View solution in original post

Highlighted

Re: How to create a rule that does a search against phishtank.com

SplunkTrust
SplunkTrust

The link in that blog is broken, apparently http://apps.splunk.com/app/995/ is correct... there's a colon missing after http.

0 Karma
Highlighted

Re: How to create a rule that does a search against phishtank.com

Splunk Employee
Splunk Employee

Right you are, @martin_mueller, I'll ping the blog post author and ask him to fix the link.

0 Karma