I was wondering if anybody had already integrated IOCs or plans to integrate them with Splunk?
Made it with a week to spare. 🙂
I just submitted the app. It seemed to work but the link isn't up yet . . . so I'm guessing someone needs to approve it?
Anyway, here's the link:
I'm currently onsite with a customer and we have just created a TA to ingest Mandiant data, which is in OpenIOC format. The customer has said they will be submitting the TA soon for publishing. Check back in a month.
Excellent, that is great news