Splunk Cloud Platform

Add-on for Open Threat Exchange

anandhalagaras1
Communicator

Hi Team,

We are using Splunk Cloud in our environment, and there is a requirement from our Security team to install the below-mentioned Add-On (OTX) into Splunk Cloud.

https://splunkbase.splunk.com/app/4336/

When I checked, it seems not to be supported with Splunk Cloud. We have a Splunk Heavy Forwarder running version 7.3.1. So can I install the Add-on on the Heavy Forwarder?

Kindly confirm.

Also, if we can install it, can we then ingest the logs into Splunk with the API key value? Since I have the API key with me, can you let me know about the configuration stuff?

It will be really helpful if anyone has some documentation for the same. 

 


richgalloway
SplunkTrust

That app seems appropriate for a heavy forwarder.  Version 7.3.1 is not listed as supported, but that's probably because the app hasn't been touched since before 7.3.1 came out.  Be sure to test the app in Dev before using it in production.

You will need to go to the Universal Forwarder app in your Splunk Cloud instance and download the credentials app.  Install the app on the HF.  Then install the OTX app.

---
If this reply helps you, Karma would be appreciated.