Splunk Enterprise Security

Splunk ES Threat Intel - Any help or benefit?

New Member

Hi all,

Has anyone out there had any benefit from the free threat intel lists in Splunk ES? They are causing a lot of noise, and I am not sure about their accuracy. Could someone please shed some light on this?

alexa_top_one_million_sites
cisco_top_one_million_sites
emerging_threats_compromised_ip_blocklist
emerging_threats_ip_blocklist
hailataxii_malware
iblocklist_logmein
iblocklist_piratebay
iblocklist_proxy
iblocklist_rapidshare
iblocklist_spyware
iblocklist_tor
iblocklist_web_attacker
icann_top_level_domain_list
local_certificate_intel
local_domain_intel
local_email_intel
local_file_intel
local_http_intel
local_ip_intel
local_process_intel
local_registry_intel
local_service_intel
local_user_intel
malware_domains threatlist_domain
maxmind_geoip_asn_ipv4
maxmind_geoip_asn_ipv6
mozilla_public_suffix_list
phishtank
sans
zeus_bad_ip_blocklist
zeus_standard_ip_blocklist


SplunkTrust

No. None of the included lists are of value. You are better off seeking sources within your industry, such as ISACs, etc.


New Member

Thanks, mate. Do you have any other recommendations for sources that you use in your own environment?
