Splunk Enterprise Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Group-IB Threat Intelligence

somari
Explorer
‎12-17-2023 02:57 AM

Hi Splunkers,

 

we have ingested Threat Intelligence Feeds from Group-IB  into Splunk, we want to benefit from this data as much as possible.

 

I want to understand how Splunk ES consumes this data? Do we need to enforce Splunk ES to use this data and alert us in case a match happens or Splunk ES uses this data without our interaction?

are we required to create custom correlation rules and configure the adaptive response action or what?

0 Karma
Reply

aholzel
Communicator
‎01-10-2024 02:06 AM

see my answer here: https://community.splunk.com/t5/Splunk-Enterprise-Security/threat-intelligence/m-p/673449#M11868 

0 Karma
Reply
Get Updates on the Splunk Community!

Changes to Splunk Instructor-Led Training Completion Criteria

We’re excited to share an update to our instructor-led training program that enhances the learning experience ...

Stay Connected: Your Guide to January Tech Talks, Office Hours, and Webinars!

❄️ Welcome the new year with our January lineup of Community Office Hours, Tech Talks, and Webinars! 🎉 ...

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...