Splunk Enterprise Security

Applying the built-in Splunk ES Threat Intel feeds to a newly imported .CSV Sourcetype.

sampsoc
New Member

I would like to use Splunk ES's built-in Threat Feeds to further identify malicious IP Addresses within a .CSV. While I have successfully added this .CSV as a Sourcetype, it would seem that this Threat Intel coverage is somehow detached from this Sourcetype.

I have also added a previously identified malicious IP identified by Splunk ES Threat Intel into the .CSV to know that it should be triggering.
