Need help please. Threat list for MITRE ATT&CK fro...

SamHTexas · ‎10-13-2021

The error says "Threat list download from

https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json

Can not be downloaded. I have contacted the vendor of the App. few times, No go! Please advise.

XOJ · ‎05-25-2022

In case someone else looks at this, if you manually want to place the file:

If you are manually going to download the update, you will grab the raw JSON from https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json Move this to the ES Search Head and place it in $SPLUNK_HOME/var/lib/splunk/modinputs/threatlist/ You will need to save this as mitre_attack for the file name. The mitre_attack file will contain this raw JSON that you downloaded. You should then just be able to run the Threat - Mitre Attack - Lookup Gen saved search and the output in the KV store will be properly populated.

richgalloway · ‎10-13-2021

The link works. Have you checked Splunk's logs?

---
If this reply helps you, Karma would be appreciated.

SamHTexas · ‎10-13-2021

Thank u for your message. The only related info I have seen in the log is "Splunk Enterprise Security suite is not available" which does not make sense. The App is installed on Enterprise Security (ES). Am looking to see if our company has blocked the threat list download link that you tested. I tested it at my company & the link is good. Please advise.

Need help please. Threat list for MITRE ATT&CK from the following link not working. Thanks a million

using Enterprise Security

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...