Failing to add Threat Intelligence Feed to Splunk ...

splunker21666 · ‎04-06-2021

Hi

I would like to add an additional Threat Intelligence Feed to the collection of the Intelligence Downloads in Enterprise Security.
The Service-URL needs to have an authorization header to allow the HTTPS call.
So far i can't find any options within Intelligence Download Settings to add a custom HTTP-header with authorization Information like an API key.

Is there any option in the Standard configuration of Intelligence Downloads to add a custom HTTP-Header to the requests?

Or is there another extended configuration possibility?

Thx for feedback.

EdE · ‎06-04-2025

Years later, same question.

It seems to be not possible to configure custom http headers.

It's mandatory for us to consume a Threat Intelligence Feed where basic auth is not supported.

Is there a different way to get this issue solved somehow?

Failing to add Threat Intelligence Feed to Splunk Enterprise Security with custom HTTP Authorization Header

configuration

using Enterprise Security

.conf25 Global Broadcast: Don’t Miss a Moment

Observe and Secure All Apps with Splunk

What's New in Splunk Observability - August 2025

Are you a member of the Splunk Community?