Splunk Enterprise Security

Adding manually downloaded Threat Intel file into Splunk ES

Splunkometry88
Explorer

Hi all

I have a threat feed that is available only by using an API key. I could not see any way to add the API key to the threat intel download option?

I can manually create a curl command to download the file to the right folder, but this will not be registered as an intel file.

Thanks


starcher
Influencer

Unfortunately, there is no custom download like that. You'd need to write some code, like Python, to download the file. Ensure it is in the right CSV format. THEN tell ES to monitor ES/Ingest that file.
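The approach described in the answer above, as an added example (not code from the thread or from Splunk): download the feed with the API key, keep only valid indicators, and write the CSV atomically so ES never reads a half-written file. Assumptions: the feed URL, the `X-API-Key` header name, the output path and the `FEED_API_KEY` variable are placeholders, the feed is taken to be one IP per line, and the `description,ip,weight` header should be checked against the ES documentation for your version.

```python
import csv, ipaddress, os, tempfile, urllib.request

FEED_URL = "https://feed.example.invalid/v1/ips.txt"    # placeholder, not a real feed
API_HEADER = "X-API-Key"                                 # assumed header name
OUT_PATH = "/path/to/threat_intel/vendor_ip_intel.csv"   # placeholder path
FIELDS = ["description", "ip", "weight"]                 # assumed ES IP-intel CSV header

def fetch_feed(url, api_key, timeout=30):
    """Download the feed over HTTPS, sending the key in a request header."""
    if not url.lower().startswith("https://"):
        raise ValueError("refusing to send the API key over a non-HTTPS URL")
    req = urllib.request.Request(url, headers={API_HEADER: api_key})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8", errors="replace")

def to_intel_rows(raw, description="vendor feed", weight=1):
    """Keep only syntactically valid, unique IPs; skip comments and junk."""
    rows, seen = [], set()
    for line in raw.splitlines():
        value = line.split("#", 1)[0].strip()
        if not value:
            continue
        try:
            norm = str(ipaddress.ip_address(value))
        except ValueError:
            continue  # not an IP address: drop it rather than pass it to ES
        if norm not in seen:
            seen.add(norm)
            rows.append({"description": description, "ip": norm, "weight": weight})
    return rows

def write_csv_atomic(rows, dest):
    """Write to a temp file in the same directory, then rename into place."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(dest) or ".", suffix=".tmp")
    with os.fdopen(fd, "w", newline="") as fh:
        writer = csv.DictWriter(fh, fieldnames=FIELDS)
        writer.writeheader()
        writer.writerows(rows)
    os.replace(tmp, dest)

if __name__ == "__main__":
    key = os.environ["FEED_API_KEY"]  # keep the key out of the script and out of argv
    rows = to_intel_rows(fetch_feed(FEED_URL, key))
    if rows:  # never overwrite a good file with an empty one
        write_csv_atomic(rows, OUT_PATH)
```

Run it from cron or a scheduled task under an account that can write to the target folder, and restrict read access to wherever the API key is stored.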
