Splunk Enterprise Security

Intelligence feed download by API

fedrooo
Engager

Hi Splunkers,

 

we are tring to integrate our CTI portal to our splunk ES instance by intelligence feed, the situation is this:

the file downloadable is a CSV file by API, with this structure:

<Generic_IoC>, <IoC_Type>, <Timestamp>, <Description>.

NOTE: the Generic_IoC field can be a URL,Mail,Hash,IP, etc...

this file is accessible by a POST API call with in body a string "id=<RANDOM_LENGHT_TOKEN>"

how can we configure ES properly for integrate such information?

 

thank you

0 Karma
Get Updates on the Splunk Community!

What's New in Splunk Cloud Platform 9.2.2403?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.2.2403! Analysts can ...

Stay Connected: Your Guide to July and August Tech Talks, Office Hours, and Webinars!

Dive into our sizzling summer lineup for July and August Community Office Hours and Tech Talks. Scroll down to ...

Edge Processor Scaling, Energy & Manufacturing Use Cases, and More New Articles on ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...