Splunk Enterprise Security

Splunk ES Threat Intel - Any help or Benefit?

siddh01r
New Member

Hi all,

Anyone out there had any benefit from the free threat intel lists in Splunk ES? It's causing a lot of noise, and I am not sure about the accuracy. Could someone please shed some light on this?

alexa_top_one_million_sites
cisco_top_one_million_sites
emerging_threats_compromised_ip_blocklist
emerging_threats_ip_blocklist
hailataxii_malware
iblocklist_logmein
iblocklist_piratebay
iblocklist_proxy
iblocklist_rapidshare
iblocklist_spyware
iblocklist_tor
iblocklist_web_attacker
icann_top_level_domain_list
local_certificate_intel
local_domain_intel
local_email_intel
local_file_intel
local_http_intel
local_ip_intel
local_process_intel
local_registry_intel
local_service_intel
local_user_intel
malware_domains threatlist_domain
maxmind_geoip_asn_ipv4
maxmind_geoip_asn_ipv6
mozilla_public_suffix_list
phishtank
sans
zeus_bad_ip_blocklist
zeus_standard_ip_blocklist

0 Karma
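Before deciding whether the bundled lists are worth keeping, it helps to measure which list is actually producing the matches and how many distinct indicators are behind them. The script below is an added example, not code from the thread or from Splunk; it works on constructed records shaped like the fields ES writes for a threat match (`threat_key` = list name, `threat_match_field`, `threat_match_value`), and the idea that the top-1M-sites, TLD, public-suffix and GeoIP ASN lists are support/enrichment data rather than indicators of compromise is an assumption you should check against the "Is threat intelligence" flag in your own threatlist configuration.

```python
"""Triage which Splunk ES threat lists generate the matches.

Added example for this thread. Assumptions (not from the thread):
the records mirror ES threat-match fields (threat_key, threat_match_field,
threat_match_value). The SAMPLE records are constructed for this example.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ThreatMatch:
    ts: str
    threat_key: str          # name of the list that matched
    threat_match_field: str  # event field that matched (dest, src, url, ...)
    threat_match_value: str  # the indicator value that matched


# Assumption: these shipped lists are enrichment/allowlist data, so a "hit"
# from them is not an indicator of compromise and should be excluded from
# threat-activity correlation (verify in your threatlist settings).
SUPPORT_LISTS = {
    "alexa_top_one_million_sites", "cisco_top_one_million_sites",
    "icann_top_level_domain_list", "mozilla_public_suffix_list",
    "maxmind_geoip_asn_ipv4", "maxmind_geoip_asn_ipv6",
}

# Constructed sample: documentation-range IPs and example.* domains only.
SAMPLE = [
    ThreatMatch("2024-01-01T10:00:00", "iblocklist_tor", "src", "198.51.100.7"),
    ThreatMatch("2024-01-01T10:05:00", "iblocklist_tor", "src", "198.51.100.7"),
    ThreatMatch("2024-01-01T10:09:00", "iblocklist_tor", "src", "198.51.100.7"),
    ThreatMatch("2024-01-01T11:00:00", "iblocklist_tor", "dest", "198.51.100.9"),
    ThreatMatch("2024-01-01T11:30:00", "iblocklist_tor", "dest", "198.51.100.9"),
    ThreatMatch("2024-01-01T12:00:00", "alexa_top_one_million_sites", "dest", "example.com"),
    ThreatMatch("2024-01-01T12:01:00", "alexa_top_one_million_sites", "dest", "example.net"),
    ThreatMatch("2024-01-01T12:02:00", "alexa_top_one_million_sites", "dest", "example.org"),
    ThreatMatch("2024-01-01T13:00:00", "phishtank", "url", "http://example.org/login"),
    ThreatMatch("2024-01-01T14:00:00", "emerging_threats_compromised_ip_blocklist", "dest", "203.0.113.5"),
    ThreatMatch("2024-01-01T14:30:00", "emerging_threats_compromised_ip_blocklist", "dest", "203.0.113.5"),
]


def summarize(matches):
    """Per-list hit count, distinct indicators, distinct fields and the
    hits-per-indicator ratio (a high ratio means a few indicators are
    firing repeatedly, which is usually a tuning/allowlisting candidate)."""
    hits = defaultdict(int)
    values = defaultdict(set)
    fields = defaultdict(set)
    for m in matches:
        hits[m.threat_key] += 1
        values[m.threat_key].add(m.threat_match_value)
        fields[m.threat_key].add(m.threat_match_field)
    return {
        key: {
            "hits": hits[key],
            "distinct_indicators": len(values[key]),
            "fields": sorted(fields[key]),
            "hits_per_indicator": hits[key] / len(values[key]),
        }
        for key in hits
    }


def rank_noise(summary):
    """Lists ordered by raw hit volume, noisiest first."""
    return sorted(summary.items(), key=lambda kv: (-kv[1]["hits"], kv[0]))


def support_list_hits(summary):
    """Lists that should only enrich, yet are producing threat matches."""
    return sorted(k for k in summary if k in SUPPORT_LISTS and summary[k]["hits"] > 0)


if __name__ == "__main__":
    summary = summarize(SAMPLE)
    for key, stats in rank_noise(summary):
        print(f"{key:45} hits={stats['hits']:3} distinct={stats['distinct_indicators']:3} "
              f"ratio={stats['hits_per_indicator']:.1f} fields={','.join(stats['fields'])}")
    for key in support_list_hits(summary):
        print(f"WARNING: support list {key} is generating threat matches; check its settings")
```

In Splunk itself the same triage is a single search over the threat activity events, roughly `| stats count dc(threat_match_value) as indicators values(threat_match_field) by threat_key | eval ratio=count/indicators | sort -count` (field names as ES writes them for threat matches; confirm against your version). Lists whose hits come from a handful of repeating indicators are candidates for allowlisting the indicator, while lists that match nothing you would ever act on are candidates for disabling rather than generating notables.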

starcher
Influencer

No. None of the included lists are of value. You are better off seeking sources within your industry, such as ISACs etc.

0 Karma

siddh01r
New Member

Thanks Mate. Do you have any other recommendations that you may possibly use in your environment?

0 Karma