Splunk Enterprise Security

Threat intelligence framework

abhinav_go
Explorer

Hi ,

Can anyone provide me approach/steps for integrating threat intelligence framework to Splunk ES.

Also , how to pull active thread feed, export offensive IP list to CSV and get hash file list from API through endpoint URL(i have that URL) using python script .

I didn't understand clearly mentioned on Splunk doc so if anyone can put it together in simplified form.

 

Thanks 

Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Quick connection discovery mode for forwarders

When a Splunk forwarder loses connectivity to its indexers, it does not always reconnect immediately. In many ...

Build and Launch AI Agents from Your Splunk Workflows

  Register We’ve all been there: juggling alerts, runbooks, and endless manual searches. What if you could ...

Splunk Cloud Application Management in Terraform

Register   On Tuesday, August 4 at 11AM PDT / 2PM EDT, we’re diving into how you can bring Infrastructure as ...