I wanted to take malicious IP's/URL's that the threat Intel feeds provides and compare them against logs/traffic we see in Splunk and create an alert.