Splunk Enterprise Security

IBM X-Force Threat Intelligence feed integration with Splunk ES

Path Finder

Can someone please help if you have any document on how to integrate the IBM X-Force Threat Intelligence feed with Splunk ES?

0 Karma

Splunk Employee

ES has a threat intel framework you can use to onboard the data:
https://dev.splunk.com/enterprise/docs/developapps/enterprisesecurity/threatintelligenceframework/

I'm not entirely familiar with how IBM exposes their threat feed, but the ES framework is very robust and it should be pretty straightforward to do.

0 Karma