Splunk Enterprise Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Default Threat Intelligence feeds not visible in ES

neerajs_81
Builder
‎10-05-2021 11:08 PM

Hello,
As per ES official documentation, it says below threat intel feeds are enabled by default. 

  • Mozilla Public Suffix List
  • MITRE ATT&CK Framework
  • ICANN Top-level Domains List

In addition it also mentions these are  included

neerajs_81_1-1633500461436.png

 

But when i check in our ES app settings >> Threat Intel management page, i see only 3 feeds as below.  Where are those default feeds mentioned above ?

neerajs_81_0-1633500373811.png

 

Labels (1)
Labels
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Classroom Chronicles: Training Tales and Testimonials (Episode 3)

Welcome back to Splunk Classroom Chronicles, our ongoing blog series that pulls back the curtain on Splunk ...

Operationalizing TDIR: Building a More Resilient, Scalable SOC

Optimizing SOC workflows with a unified, risk-based approach to Threat Detection, Investigation, and Response ...

Almost Too Eventful Assurance: Part 1

Modern IT and Network teams still struggle with too many alerts and isolating issues before they are notified. ...