
Splunk ES Threat Intelligence

AbubakarShahid
New Member

My question is in regards to the KV stores in Splunk ES.
Since I am not an admin, just a user, I have uploaded a few lookup tables and am outputting them into the local_http_intel or local_ip_intel file. I am able to do that successfully. Now my question is: is http_intel or ip_intel supposed to automatically pull that information from the local CSV? If so, then how often is it supposed to do that?

Also, I have found another way of uploading my CSV via Configure > Data Enrichment > Threat Intel Uploads. It gets uploaded to the KV store and I can see events being generated in the Threat Intel Activity platform, but the issue with that is it does not provide too much content about the IOCs, whereas in the CSV I have information about the IOC.

Does anyone know a better way of doing this?
