Splunk Enterprise Security

Default Threat Intelligence feeds not visible in ES


As per ES official documentation, it says below threat intel feeds are enabled by default. 

  • Mozilla Public Suffix List
  • MITRE ATT&CK Framework
  • ICANN Top-level Domains List

In addition it also mentions these are  included



But when i check in our ES app settings >> Threat Intel management page, i see only 3 feeds as below.  Where are those default feeds mentioned above ?



Labels (2)
0 Karma
Get Updates on the Splunk Community!

Observability | How to Think About Instrumentation Overhead (White Paper)

Novice observability practitioners are often overly obsessed with performance. They might approach ...

Cloud Platform | Get Resiliency in the Cloud Event (Register Now!)

IDC Report: Enterprises Gain Higher Efficiency and Resiliency With Migration to Cloud  Today many enterprises ...

The Great Resilience Quest: 10th Leaderboard Update

The tenth leaderboard update (11.23-12.05) for The Great Resilience Quest is out >> As our brave ...