Splunk Enterprise Security

Applying the built-in Splunk ES Threat Intel feeds to a newly imported .CSV Sourcetype

sampsoc
New Member

I would like to use Splunk ES's built-in Threat Feeds to further identify malicious IP addresses within a .CSV. While I have successfully added this .CSV as a Sourcetype, it would seem that this Threat Intel coverage is somehow detached from this Sourcetype.

I have also added a previously identified malicious IP identified by Splunk ES Threat Intel into the .CSV to know that it should be triggering.

0 Karma