Splunk Enterprise Security

Has anybody made a threat feed to firewall rule?

pradeep577
Path Finder

Hi,

Has anybody tried the below scenario? If yes, can I get some guidance?

Malicious IPs are shown on Splunk dashboard.

I want the script to automatically scan these IP with Virustotal(if possible)...if found malicious, then it would add it to Cisco ASA ACL to block it.

Is this possible?

0 Karma
Take the 2021 Splunk Career Survey

Help us learn about how Splunk has
impacted your career by taking the 2021 Splunk Career Survey.

Earn $50 in Amazon cash!