Splunk Enterprise Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 
Ask a Question

Splunk App for Enterprise Security: How to troubleshoot if the Threat Intelligence Source data is actually being downloaded?

trross33
Path Finder
โ€Ž10-16-2015 01:59 PM

After configuring the proxy settings for downloading the Splunk for Enterprise Security Intelligence Source data, I am still receiving errors indicating the download has failed. I know this is a reported bug, however, I want to be able to confirm this data is actually downloading. Where can I find whether or not the data is really downloading from the Threat Intelligence sources? It seems there use to be a report for this, but I can't seem to find it. Thanks.

0 Karma
Reply

greich
Communicator
โ€Ž06-03-2016 07:11 AM

1- from the UI: Audit / Threat Intelligence Audit
2- from the command line
ls -l $SPLUNKHOME/etc/apps/SA-ThreatIntelligence/local/data/threatintel/

Reply