- Splunk Answers
- :
- Splunk Premium Solutions
- :
- Security Premium Solutions
- :
- Splunk Enterprise Security
- :
- ESS 1.1.2 lookups
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
SANS block list
[sans_blocklist_lookup]
external_cmd = assetLookup.py assetFields=src,dest debug=False app=SA-ThreatIntelligence file=sans_blocklist.csv
external_type = python
fields_list = src,src_ip,src_is_sans,src_country,dest,dest_ip,dest_is_sans,dest_country
bogon list
[bogonlist_lookup]
external_cmd = assetLookup.py assetFields=src,dest debug=False app=SA-ThreatIntelligence file=bogonlist.csv
external_type = python
fields_list = src,src_ip,src_is_bogon,src_is_internal,dest,dest_ip,dest_is_bogon,dest_is_internal
spyware associated IP address list
[ip_spyware_lookup]
external_cmd = assetLookup.py assetFields=src,dest debug=False app=SA-ThreatIntelligence file=ip_spywarelist.csv
external_type = python
fields_list = src,src_ip,src_description,src_is_spyware,dest,dest_ip,dest_description,dest_is_spyware
proxy associated IP address list
[ip_proxy_lookup]
external_cmd = assetLookup.py assetFields=src,dest debug=False app=SA-ThreatIntelligence file=ip_proxylist.csv
external_type = python
fields_list = src,src_ip,src_is_proxy,dest,dest_ip,dest_is_proxy
web-attacker associated IP address list
[ip_webattacker_lookup]
external_cmd = assetLookup.py assetFields=src,dest debug=False app=SA-ThreatIntelligence file=ip_webattackerlist.csv
external_type = python
fields_list = src,src_ip,src_description,src_is_web_attacker,dest,dest_ip,dest_description,dest_is_web_attacker
RapidShare associated IP address list
[ip_rapidshare_lookup]
external_cmd = assetLookup.py assetFields=src,dest debug=False app=SA-ThreatIntelligence file=ip_rapidsharelist.csv
external_type = python
fields_list = src,src_ip,src_is_rapidshare,dest,dest_ip,dest_is_rapidshare
LogMeIn associated IP address list
[ip_logmein_lookup]
external_cmd = assetLookup.py assetFields=src,dest debug=False app=SA-ThreatIntelligence file=ip_logmeinlist.csv
external_type = python
fields_list = src,src_ip,src_is_logmein,dest,dest_ip,dest_is_logmein
PirateBay associated IP address list
[ip_piratebay_lookup]
external_cmd = assetLookup.py assetFields=src,dest debug=False app=SA-ThreatIntelligence file=ip_piratebaylist.csv
external_type = python
fields_list = src,src_ip,src_is_piratebay,dest,dest_ip,dest_is_piratebay
Tor associated IP address list
[ip_tor_lookup]
external_cmd = assetLookup.py assetFields=src,dest debug=False app=SA-ThreatIntelligence file=ip_torlist.csv
external_type = python
fields_list = src,src_ip,src_is_tor,dest,dest_ip,dest_is_tor
Prohibited services
[prohibited_services_lookup]
filename = prohibited_services.csv
Prohibited processes
[prohibited_processes_lookup]
filename = prohibited_processes.csv
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
SANS block list
[sans_blocklist_lookup]
external_cmd = assetLookup.py assetFields=src,dest debug=False app=SA-ThreatIntelligence file=sans_blocklist.csv
external_type = python
fields_list = src,src_ip,src_is_sans,src_country,dest,dest_ip,dest_is_sans,dest_country
bogon list
[bogonlist_lookup]
external_cmd = assetLookup.py assetFields=src,dest debug=False app=SA-ThreatIntelligence file=bogonlist.csv
external_type = python
fields_list = src,src_ip,src_is_bogon,src_is_internal,dest,dest_ip,dest_is_bogon,dest_is_internal
spyware associated IP address list
[ip_spyware_lookup]
external_cmd = assetLookup.py assetFields=src,dest debug=False app=SA-ThreatIntelligence file=ip_spywarelist.csv
external_type = python
fields_list = src,src_ip,src_description,src_is_spyware,dest,dest_ip,dest_description,dest_is_spyware
proxy associated IP address list
[ip_proxy_lookup]
external_cmd = assetLookup.py assetFields=src,dest debug=False app=SA-ThreatIntelligence file=ip_proxylist.csv
external_type = python
fields_list = src,src_ip,src_is_proxy,dest,dest_ip,dest_is_proxy
web-attacker associated IP address list
[ip_webattacker_lookup]
external_cmd = assetLookup.py assetFields=src,dest debug=False app=SA-ThreatIntelligence file=ip_webattackerlist.csv
external_type = python
fields_list = src,src_ip,src_description,src_is_web_attacker,dest,dest_ip,dest_description,dest_is_web_attacker
RapidShare associated IP address list
[ip_rapidshare_lookup]
external_cmd = assetLookup.py assetFields=src,dest debug=False app=SA-ThreatIntelligence file=ip_rapidsharelist.csv
external_type = python
fields_list = src,src_ip,src_is_rapidshare,dest,dest_ip,dest_is_rapidshare
LogMeIn associated IP address list
[ip_logmein_lookup]
external_cmd = assetLookup.py assetFields=src,dest debug=False app=SA-ThreatIntelligence file=ip_logmeinlist.csv
external_type = python
fields_list = src,src_ip,src_is_logmein,dest,dest_ip,dest_is_logmein
PirateBay associated IP address list
[ip_piratebay_lookup]
external_cmd = assetLookup.py assetFields=src,dest debug=False app=SA-ThreatIntelligence file=ip_piratebaylist.csv
external_type = python
fields_list = src,src_ip,src_is_piratebay,dest,dest_ip,dest_is_piratebay
Tor associated IP address list
[ip_tor_lookup]
external_cmd = assetLookup.py assetFields=src,dest debug=False app=SA-ThreatIntelligence file=ip_torlist.csv
external_type = python
fields_list = src,src_ip,src_is_tor,dest,dest_ip,dest_is_tor
Prohibited services
[prohibited_services_lookup]
filename = prohibited_services.csv
Prohibited processes
[prohibited_processes_lookup]
filename = prohibited_processes.csv
Enter the Dashboard Challenge and Watch the .conf24 Global Broadcast!
Join Us at the Builder Bar at .conf24 – Empowering Innovation and Collaboration
Combine Multiline Logs into a Single Event with SOCK - a Guide for Advanced Users
