Splunk Enterprise Security

Enterprise Security threatList ???

kedjjang
Path Finder
  1. On the home screen of Enterprise Security > Setting > Data Model, there are a number of data model lists. Which field should I pick to utilize Threatlist?

2.I would like to register some Threatlists. How can I do this? If there is the answer in the user manual, please let me know where I can find.

0 Karma
1 Solution

mdessus_splunk
Splunk Employee
Splunk Employee

Hello,
I'm not sure what you mean by "using Threat List", anyway, threat lists are lookup based. So if, you might use the wizard to create correlation searches (or just help you to create searches), like | inputlookup append=T threatintel_by_cidr (it's in Configure, General, Custom searches).

For adding Threat lists, it's easy, just go to Configure, Data enrichment, Threat intelligence downloads (in v3.3).

View solution in original post

0 Karma

mdessus_splunk
Splunk Employee
Splunk Employee

Hello,
I'm not sure what you mean by "using Threat List", anyway, threat lists are lookup based. So if, you might use the wizard to create correlation searches (or just help you to create searches), like | inputlookup append=T threatintel_by_cidr (it's in Configure, General, Custom searches).

For adding Threat lists, it's easy, just go to Configure, Data enrichment, Threat intelligence downloads (in v3.3).

0 Karma