I am trying to add Threat Intelligence to my Splunk ES via the HISAC taxii discovery service
I have set up the Intelligence Download with configs:
POST ARGUMENT: collection="" earliest="-90d" taxii_username=""
In the Threat Intel Audit tab, the status is "TAXII feed polling starting" and has not changed.
Does anyone know if this is the correct way to do this?