My organization has Splunk Cloud and Enterprise Security.
I was wondering if Splunk is capable of acting as a STIX/TAXII client so that I can enroll with a threat intelligence provider and have those feeds come directly into Splunk. I know Splunk has a way for me to upload STIX/TAXII files, but that's manual.
To be clear, I am asking if Splunk is able to act as a TAXII client so that it can retrieve STIX-formatted threat intelligence automatically. Or will this require a 3rd-party service like a ThreatConnect or ThreatStream?