Splunk Enterprise Security

Adding manually downloaded Threat Intel file into Splunk ES


Hi all

I have a threat feed that is only available using an API key, and I could not see any way to add the API key to the threat intel download option.

I can manually create a curl command to download the file to the right folder, but this will not be registered as an intel file.

Thanks

1 Solution

SplunkTrust

Unfortunately, there is no custom download like that. You'd need to write some code, for example in Python, to download the file. Ensure it is in the right CSV format. THEN tell ES to monitor/ingest that file.

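A sketch of the download-and-convert step the accepted answer describes, as an added example that is not code from the thread or from Splunk. Assumptions: the feed returns a JSON list of objects with `indicator` and `note` fields, it accepts the key as a bearer token, the environment variable names `FEED_URL`, `FEED_API_KEY` and `FEED_OUT` are hypothetical, and the `description,ip,weight` column layout should be checked against the threat intelligence CSV format documented for your ES version.

```python
import csv
import ipaddress
import json
import os
import tempfile
import urllib.request

# Assumed column layout for an IP intel CSV; confirm against your ES documentation.
HEADER = ["description", "ip", "weight"]

def fetch_feed(url, api_key):
    """Download the feed. The key is passed in, never stored in the script."""
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {api_key}"})
    with urllib.request.urlopen(req, timeout=30) as resp:  # TLS is verified by default
        return json.load(resp)

def normalize(records):
    """Keep valid, de-duplicated IPs/CIDRs and emit rows in HEADER order."""
    rows, seen = [], set()
    for rec in records:
        value = str(rec.get("indicator", "")).strip()
        try:
            if "/" in value:
                ip = str(ipaddress.ip_network(value, strict=False))
            else:
                ip = str(ipaddress.ip_address(value))
        except ValueError:
            continue  # drop anything that is not an IP or CIDR
        if ip in seen:
            continue
        seen.add(ip)
        desc = " ".join(str(rec.get("note", "")).split())  # no embedded newlines
        rows.append([desc, ip, 1])  # weight 1 is a constructed default
    return rows

def write_csv_atomic(rows, path):
    """Write to a temp file and rename, so a monitor never reads a partial file."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, suffix=".tmp")
    with os.fdopen(fd, "w", newline="") as fh:
        writer = csv.writer(fh)
        writer.writerow(HEADER)
        writer.writerows(rows)
    os.replace(tmp, path)
    return len(rows)

if __name__ == "__main__":
    data = fetch_feed(os.environ["FEED_URL"], os.environ["FEED_API_KEY"])
    write_csv_atomic(normalize(data), os.environ["FEED_OUT"])
```

Run it on a schedule with the key supplied through the environment or a secrets store, and restrict read access to the output directory to the account that runs Splunk.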