HI all,
Anyone out there had any benefit from the free Threat intel List in Splunk ES? Its causing alot of noise, I am not sure about the accuracy. Please shed some light someone?
alexa_top_one_million_sites
cisco_top_one_million_sites
emerging_threats_compromised_ip_blocklist
emerging_threats_ip_blocklist
hailataxii_malware
iblocklist_logmein
iblocklist_piratebay
iblocklist_proxy
iblocklist_rapidshare
iblocklist_spyware
iblocklist_tor
iblocklist_web_attacker
icann_top_level_domain_list
local_certificate_intel
local_domain_intel
local_email_intel
local_file_intel
local_http_intel
local_ip_intel
local_process_intel
local_registry_intel
local_service_intel
local_user_intel
malware_domains threatlist_domain
maxmind_geoip_asn_ipv4
maxmind_geoip_asn_ipv6
mozilla_public_suffix_list
phishtank
sans
zeus_bad_ip_blocklist
zeus_standard_ip_blocklist
