Getting Data In

TAXII 2.1 Inputs (Without Splunk Enterprise Security)

himynamesdave
Contributor

Hi all!

I know ES ships with a TAXII client to ingest threat intel over TAXII.

Does anything exist for users who do not have ES?

I am trying to ingest intel (in STIX 2.1) being distributed via a TAXII 2.1 server to Splunk.

Thanks!

Labels (1)
0 Karma

himynamesdave
Contributor

Thanks, yep, understood @PickleRick 

I was wondering if anything existed before building anything. e.g. https://splunkbase.splunk.com/app/2637/ for 2.x versions

I guess I'll take a deeper look at building something new then. Give this post an upvote if you're looking for something similar, and I'll bump it up in terms of my priorities. 

0 Karma

PickleRick
SplunkTrust
SplunkTrust

You can always pull stix from taxii feed yourself using your favourite scripting/programming language and push results to splunk...

0 Karma
Get Updates on the Splunk Community!

New Case Study Shows the Value of Partnering with Splunk Academic Alliance

The University of Nevada, Las Vegas (UNLV) is another premier research institution helping to shape the next ...

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...