Splunk Enterprise Security

Splunk App for Enterprise Security: How to troubleshoot if the Threat Intelligence Source data is actually being downloaded?

Path Finder

After configuring the proxy settings for downloading the Splunk for Enterprise Security Intelligence Source data, I am still receiving errors indicating the download has failed. I know this is a reported bug, however, I want to be able to confirm this data is actually downloading. Where can I find whether or not the data is really downloading from the Threat Intelligence sources? It seems there use to be a report for this, but I can't seem to find it. Thanks.

0 Karma

Communicator

1- from the UI: Audit / Threat Intelligence Audit
2- from the command line
ls -l $SPLUNKHOME/etc/apps/SA-ThreatIntelligence/local/data/threatintel/