Splunk Enterprise Security

Splunk ES Threat Intel - Any help or benefit?

siddh01r
New Member

Hi all,

Has anyone out there had any benefit from the free threat intel lists in Splunk ES? They're causing a lot of noise, and I am not sure about their accuracy. Could someone please shed some light?

alexa_top_one_million_sites

cisco_top_one_million_sites

emerging_threats_compromised_ip_blocklist

emerging_threats_ip_blocklist

hailataxii_malware

iblocklist_logmein

iblocklist_piratebay

iblocklist_proxy

iblocklist_rapidshare

iblocklist_spyware

iblocklist_tor

iblocklist_web_attacker

icann_top_level_domain_list

local_certificate_intel

local_domain_intel

local_email_intel

local_file_intel

local_http_intel

local_ip_intel

local_process_intel

local_registry_intel

local_service_intel

local_user_intel

malware_domains threatlist_domain

maxmind_geoip_asn_ipv4

maxmind_geoip_asn_ipv6

mozilla_public_suffix_list

phishtank

sans

zeus_bad_ip_blocklist

zeus_standard_ip_blocklist

0 Karma
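Before deciding which of the downloads above to keep, it helps to measure the noise per list rather than guess. The search below is an added example, not part of the original post or of Splunk's shipped content; it assumes Splunk ES is populating the Threat Intelligence data model (the `threat_activity` index) and that 30 days is a representative window for your environment. Note that the Alexa and Cisco top-sites, ICANN TLD, Mozilla public-suffix and MaxMind ASN downloads in the list are enrichment lookups rather than threat lists, so they never produce threat matches and are not the source of the noise; the candidates are the emerging_threats, iblocklist, hailataxii, malware_domains, phishtank, sans and zeus lists.

```spl
| tstats summariesonly=true
    count AS matches,
    dc(Threat_Activity.threat_match_value) AS distinct_indicators
    from datamodel=Threat_Intelligence.Threat_Activity
    where earliest=-30d@d latest=now
    by Threat_Activity.threat_key, Threat_Activity.threat_collection, Threat_Activity.threat_match_field
| rename Threat_Activity.* AS *
| eval matches_per_indicator=round(matches/distinct_indicators,1)
| sort - matches
```

`threat_key` is the download name from the list above, `threat_collection` the KV store collection it feeds (ip_intel, domain_intel, and so on) and `threat_match_field` the event field that matched (src, dest, url, ...). A list with a large `matches` count but a very high `matches_per_indicator` is usually a handful of indicators firing on routine traffic (Tor exit nodes, proxies, CDN addresses) and is a candidate for removal or for an allowlist entry; a list with many matches spread over many indicators deserves a look at the underlying events before it is switched off. Once you have decided, a download can be disabled in ES under Configure > Data Enrichment > Threat Intelligence Downloads, which sets `disabled = 1` on the corresponding `[threatlist://<name>]` stanza in inputs.conf.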

starcher
Influencer

No. None of the included lists are of value. You are better off seeking sources within your industry, such as ISACs, etc.

0 Karma

siddh01r
New Member

Thanks Mate. Do you have any other recommendations that you may possibly use in your environment?

0 Karma