The error says "Threat list download from
https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json
Can not be downloaded. I have contacted the vendor of the App. few times, No go! Please advise.
In case someone else looks at this, if you manually want to place the file:
If you are manually going to download the update, you will grab the raw JSON from https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json Move this to the ES Search Head and place it in $SPLUNK_HOME/var/lib/splunk/modinputs/threatlist/ You will need to save this as mitre_attack for the file name. The mitre_attack file will contain this raw JSON that you downloaded. You should then just be able to run the Threat - Mitre Attack - Lookup Gen saved search and the output in the KV store will be properly populated.
The link works. Have you checked Splunk's logs?
Thank u for your message. The only related info I have seen in the log is "Splunk Enterprise Security suite is not available" which does not make sense. The App is installed on Enterprise Security (ES). Am looking to see if our company has blocked the threat list download link that you tested. I tested it at my company & the link is good. Please advise.