Splunk Enterprise Security: How to download threat lists with a customized Authorization HTTP header?

thomasbader
Engager

I have external threat lists to download. With them, it is required to send a customized Authorization header. And no, it's not HTTP basic auth. I get a text string from the list provider, and the HTTP GET request needs to have a header in the format "Authorization: thisstring". Thus I cannot use the user/password field in the configuration settings of the threat list, as they would be translated into HTTP basic auth. I need to specify the plain Authorization header, without any translation/interpretation applied.

Is there any way to do this natively in Splunk Enterprise Security? As of now, I have been using a customized Python script to do the requests. However, it would be much nicer to have a native feature built into ES.

bohanlon_splunk
Splunk Employee

This is not currently a feature (as of ES=4.5.1).
Enhancement request SOLNESS-11111 logged to get this added.

Current suggested workaround is an external script as per:
http://blogs.splunk.com/2014/03/10/custom-threat-feed-integration-with-enterprise-security/

0 Karma
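
A sketch of the external-script workaround discussed above, as an added example that is not code from this thread or from Splunk: it sends the provider's string verbatim as the Authorization header and writes the list to a local file atomically. The environment variable names, the `allow_insecure` switch and the destination path are assumptions; how ES picks up the resulting file is left to the threat list configuration.

```python
import os
import tempfile
import urllib.request


def build_request(url, token, allow_insecure=False):
    """GET request carrying the provider's string as-is (no Basic encoding)."""
    if not allow_insecure and not url.lower().startswith("https://"):
        raise ValueError("refusing to send the token over a non-TLS URL")
    if not token or "\r" in token or "\n" in token:
        raise ValueError("token is empty or contains a line break")
    req = urllib.request.Request(url, method="GET")
    req.add_header("Authorization", token)  # literally "Authorization: thisstring"
    return req


def fetch_threat_list(url, token, dest_path, timeout=30, allow_insecure=False):
    """Download the list and replace dest_path atomically; returns the line count."""
    req = build_request(url, token, allow_insecure)
    # urlopen verifies the TLS certificate by default and raises HTTPError on 401/403.
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        body = resp.read().decode("utf-8", errors="replace")
    lines = [line for line in body.splitlines() if line.strip()]
    if not lines:
        # Keep the previous copy rather than overwriting it with an empty list.
        raise RuntimeError("provider returned an empty list")
    dest_dir = os.path.dirname(os.path.abspath(dest_path))
    fd, tmp_path = tempfile.mkstemp(dir=dest_dir, prefix=".threatlist-")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            fh.write("\n".join(lines) + "\n")
        os.replace(tmp_path, dest_path)  # readers never see a half-written file
    except BaseException:
        if os.path.exists(tmp_path):
            os.unlink(tmp_path)
        raise
    return len(lines)


if __name__ == "__main__":
    # Assumed variable names; the token stays out of the script and the command line.
    count = fetch_threat_list(
        os.environ["THREATLIST_URL"],
        os.environ["THREATLIST_TOKEN"],
        os.environ.get("THREATLIST_DEST", "threatlist.csv"),
    )
    print(f"wrote {count} entries")
```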

jacob911
New Member

Was this feature added as of version 5.3.0?

0 Karma

claudio_manig
Communicator

Same story here - I just opened an enhancement request CASE [422547].

0 Karma