Enterprise Security- How to Add Threat Intelligen...

qq-stan · ‎07-25-2023

Splunk ES documentation https://docs.splunk.com/Documentation/ES/7.1.1/Admin/Downloadthreatfeed#Add_a_URL-based_threat_sourc... describes how to Add a URL-based threat source and it seems work even with credential using POST. What if I have to use API Key instead of credentials? How to download Threat Intelligence from a remote API using API Keys? From MCAP https://mcap.cisecurity.org/ for instance.

Thank you for your time in advance.

qq-stan · ‎08-07-2023

Thank you, @meetmshah

"Cisco Threat Grid Add-On" is not exactly what I am looking for. My objective is to feed ES with the MCAP threat intelligence from https://mcap.cisecurity.org/ using its API key/token, if that possible.

Thank you for your response.

meetmshah · ‎07-31-2023

Hello @qq-stan, Have you checked https://splunkbase.splunk.com/app/4251 for MCAP?

Enterprise Security- How to Add Threat Intelligence Feed using remote API?

using Enterprise Security

Can’t make it to .conf25? Join us online!

Calling All Security Pros: Ready to Race Through Boston?

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Customer success is front and center at .conf25

Are you a member of the Splunk Community?