1st time configuring a feed in the Splunk App for Enterprise Security and I'm spinning my wheels. HELP 🙂 I have the Soltra server running and downloading the FS-ISAC feed, but how do I set it up in Splunk? By setup, I mean syntax in the Splunk URL & post arguments.
Thanks in advance!
Did you ever make progress on this? I just started building out my Soltra box with the idea to do the same thing. As I run across more relevant info I'll post here.