Hi Splunkers,
we are trying to integrate our CTI portal with our Splunk ES instance via an intelligence feed. The situation is this:
the downloadable file is a CSV file, retrieved by API, with this structure:
<Generic_IoC>, <IoC_Type>, <Timestamp>, <Description>.
NOTE: the Generic_IoC field can be a URL, Mail, Hash, IP, etc...
This file is accessible by a POST API call with the string "id=<RANDOM_LENGTH_TOKEN>" in the body.
How can we configure ES properly to integrate such information?
thank you
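The feed described above is headerless and mixes indicator kinds in one column, which is not a shape ES reads directly. The script below is an added example (not code from the original post, and not Splunk's own tooling) that does the POST fetch with the `id=<token>` body and converts the four-column feed into a single generic threat-intel CSV with one column per indicator kind, so each row lands in the right place by header. Assumptions: the portal URL and token are placeholders you supply; the `IoC_Type` labels in `TYPE_TO_ES_FIELD` are guesses at what the feed emits; and the output column names (`ip`, `domain`, `url`, `file_hash`, `address`, `description`, `weight`) are the generic-CSV field names I believe ES expects, which you should check against the threat-intelligence documentation for your ES version before relying on them.

```python
"""Fetch the CTI portal's CSV feed and convert it into a generic threat-intel
CSV for the Splunk ES threatlist input.

Added example, not from the original post or from Splunk. Assumed: the
headerless `<Generic_IoC>, <IoC_Type>, <Timestamp>, <Description>` row layout,
the IoC_Type labels in TYPE_TO_ES_FIELD, and the ES generic-CSV column names.
"""
import csv
import io
import urllib.parse
import urllib.request

# Assumed mapping from the feed's IoC_Type values (lower-cased) to the column
# in an ES generic threat-intel CSV. Adjust to whatever your feed actually emits.
TYPE_TO_ES_FIELD = {
    "ip": "ip",
    "domain": "domain",
    "url": "url",
    "hash": "file_hash",
    "md5": "file_hash",
    "sha256": "file_hash",
    "mail": "address",
    "email": "address",
}

# Assumed ES generic-CSV header: one column per indicator kind plus description/weight.
ES_HEADER = ["ip", "domain", "url", "file_hash", "address", "description", "weight"]


def fetch_feed(api_url: str, token: str, timeout: int = 30) -> str:
    """POST `id=<token>` as a form-encoded body and return the CSV text.

    Not called by the offline sample below; api_url and token are placeholders."""
    body = urllib.parse.urlencode({"id": token}).encode()
    req = urllib.request.Request(
        api_url,
        data=body,
        headers={"Content-Type": "application/x-www-form-urlencoded"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8", errors="replace")


def convert_feed(feed_csv: str, default_weight: int = 1):
    """Parse the headerless feed rows into ES generic-CSV rows.

    Returns (rows, skipped): rows is a list of dicts keyed by ES_HEADER; skipped
    counts rows that are too short, have an unknown type, or an empty indicator."""
    rows, skipped = [], 0
    reader = csv.reader(io.StringIO(feed_csv), skipinitialspace=True)
    for rec in reader:
        if not rec or rec[0].startswith("#"):
            continue  # blank line or comment
        if len(rec) < 4:
            skipped += 1
            continue
        ioc, ioc_type, ts, desc = (f.strip() for f in rec[:4])
        field = TYPE_TO_ES_FIELD.get(ioc_type.lower())
        if field is None or not ioc:
            skipped += 1  # ES cannot match this kind of indicator; do not guess a column
            continue
        row = {col: "" for col in ES_HEADER}
        row[field] = ioc
        # The feed timestamp has no dedicated column here, so it is kept in the description.
        row["description"] = f"{desc} (feed ts {ts})" if ts else desc
        row["weight"] = str(default_weight)
        rows.append(row)
    return rows, skipped


def to_es_csv(rows) -> str:
    """Serialise rows with the header line ES needs to identify the columns."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=ES_HEADER, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue()


# Constructed sample feed in the layout the post describes (documentation-range
# values, not real intelligence). The last row has a type ES cannot match.
SAMPLE_FEED = """\
198.51.100.23, IP, 2024-05-01T10:00:00Z, C2 beacon seen in phishing wave
http://example.net/login.php, URL, 2024-05-01T10:05:00Z, Credential phishing page
d41d8cd98f00b204e9800998ecf8427e, Hash, 2024-05-01T10:07:00Z, Dropper MD5
phish@example.org, Mail, 2024-05-01T10:09:00Z, Sender of phishing wave
AS64496, ASN, 2024-05-01T10:10:00Z, Not an indicator kind ES matches on
"""

if __name__ == "__main__":
    converted, dropped = convert_feed(SAMPLE_FEED)
    print(to_es_csv(converted))
    print(f"skipped {dropped} row(s)")
```

Run it on the real feed by calling `fetch_feed(url, token)` instead of using `SAMPLE_FEED`, write the result to a file, and hand that file to ES as a local threat-intel file (or serve it over HTTP and point a threatlist download at it). Two things to check on the live data first: whether the portal's `Description` column can itself contain commas (then the feed must be quoted, or the converter has to join the trailing fields), and whether the `IoC_Type` labels match the keys in `TYPE_TO_ES_FIELD`, since anything unmapped is counted in `skipped` rather than silently written to the wrong column.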