Archive

threat_intelligence_manager as input in the inputs.conf file

Path Finder

I see the following stanza in my SplunkEnterpriseSecurity app's inputs.conf file. (added by splunk professional)

[threatintelligencemanager://]
...

What is that and where is it coming from? I can't find any details on any this input in the inputsconf documentation. https://docs.splunk.com/Documentation/Splunk/6.5.3/Admin/Inputsconf. Where would I find stuffs to read further about it?

Tags (1)
0 Karma
1 Solution

Splunk Employee
Splunk Employee

That stanza is managed by the threat_intelligence_manager.py modular input. You can read more on the Threat Intelligence framework in Splunk ES here: http://dev.splunk.com/view/enterprise-security/SP-CAAAFBC

View solution in original post

Splunk Employee
Splunk Employee

That stanza is managed by the threat_intelligence_manager.py modular input. You can read more on the Threat Intelligence framework in Splunk ES here: http://dev.splunk.com/view/enterprise-security/SP-CAAAFBC

View solution in original post