Hi,
Can anyone provide me with an approach/steps for integrating a threat intelligence framework into Splunk ES?
Also, how do I pull an active threat feed, export the offensive IP list to CSV, and get the hash file list from an API through an endpoint URL (I have that URL) using a Python script?
I didn't clearly understand what is mentioned in the Splunk doc, so it would help if anyone can put it together in a simplified form.
Thanks