Splunk Enterprise Security

Sonultra TAXII Feed into Splunk ES


I am trying to add Threat Intelligence to my Splunk ES via the HISAC taxii discovery service

I have set up the Intelligence Download with configs:
TYPE: taxii
URL: https://members.nhisac.org/taxii-discovery-service

POST ARGUMENT: collection="" earliest="-90d" taxii_username=""

In the Threat Intel Audit tab, the status is "TAXII feed polling starting" and has not changed.

Does anyone know if this is the correct way to do this?

0 Karma