Splunk Enterprise Security

How to create a correlation search from a threat intelligence feed

smote01
New Member

I wanted to take malicious IPs/URLs that the threat intel feeds provide and compare them against logs/traffic we see in Splunk and create an alert.

0 Karma