Splunk Enterprise Security

What are all the URLs I need to open Splunk Enterprise Security up to for its default threat lists?

daniel333
Builder

All,

Anyone have a list of all the URLs/IPs I need to open Splunk Enterprise Security up to for its threat lists? I have to get the firewall exceptions in place this week, but won't have the actual Splunk bits for a few more weeks.

thanks
-Daniel

jwelch_splunk
Splunk Employee
| rest splunk_server=local count=0 /services/data/inputs/threatlist | search url!=lookup* | table title, url

These can obviously change with future upgrades and/or releases. Also the IPs could change by the service providers as well.

jwelch_splunk
Splunk Employee

Missed the part about you not having the access. Excuse the formatting.

alexa_top_one_million_sites
https://s3.amazonaws.com/alexa-static/top-1m.csv.zip

emerging_threats_compromised_ip_blocklist
https://rules.emergingthreats.net/blockrules/compromised-ips.txt

emerging_threats_ip_blocklist
https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt

hailataxii_malware
http://hailataxii.com/taxii-data

iblocklist_logmein
http://list.iblocklist.com/?list=logmein

iblocklist_piratebay
http://list.iblocklist.com/?list=nzldzlpkgrcncdomnttb

iblocklist_proxy
http://list.iblocklist.com/?list=bt_proxy

iblocklist_rapidshare
http://list.iblocklist.com/?list=zfucwtjkfwkalytktyiw

iblocklist_spyware
http://list.iblocklist.com/?list=bt_spyware

iblocklist_tor
http://list.iblocklist.com/?list=tor

iblocklist_web_attacker
http://list.iblocklist.com/?list=ghlzqtqxnzctvvajwwag

icann_top_level_domain_list
https://data.iana.org/TLD/tlds-alpha-by-domain.txt

malware_domains
http://mirror1.malwaredomains.com/files/domains.txt

maxmind_geoip_asn_ipv4
https://download.maxmind.com/download/geoip/database/asnum/GeoIPASNum2.zip

maxmind_geoip_asn_ipv6
https://download.maxmind.com/download/geoip/database/asnum/GeoIPASNum2v6.zip

mozilla_public_suffix_list
https://publicsuffix.org/list/effective_tld_names.dat

phishtank
https://data.phishtank.com/data/online-valid.csv.gz

sans
https://isc.sans.edu/block.txt

zeus_bad_ip_blocklist
https://zeustracker.abuse.ch/blocklist.php?download=badips

zeus_standard_ip_blocklist
https://zeustracker.abuse.ch/blocklist.php?download=ipblocklist

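Added example (not part of the original thread or of Splunk's own code): the `| rest ... /services/data/inputs/threatlist` search above returns one title/url row per configured threat list, and the `url!=lookup*` clause drops the lists that are backed by a local lookup rather than a download. The script below takes such rows, applies the same filter, and reduces the remaining URLs to the distinct destination FQDN/port pairs a firewall change request actually needs, so that two lists on the same host become one exception. The row list is constructed inline from the URLs in the post (plus one made-up `lookup://` entry to show the filter); the function and variable names are my own.

```python
from urllib.parse import urlsplit

# Constructed sample rows in the shape of the SPL output (title, url).
# Real URLs are copied from the answer above; the last row is an invented
# lookup-backed list that the url!=lookup* filter is meant to exclude.
THREATLIST_INPUTS = [
    ("alexa_top_one_million_sites", "https://s3.amazonaws.com/alexa-static/top-1m.csv.zip"),
    ("emerging_threats_compromised_ip_blocklist", "https://rules.emergingthreats.net/blockrules/compromised-ips.txt"),
    ("emerging_threats_ip_blocklist", "https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt"),
    ("hailataxii_malware", "http://hailataxii.com/taxii-data"),
    ("iblocklist_tor", "http://list.iblocklist.com/?list=tor"),
    ("iblocklist_web_attacker", "http://list.iblocklist.com/?list=ghlzqtqxnzctvvajwwag"),
    ("icann_top_level_domain_list", "https://data.iana.org/TLD/tlds-alpha-by-domain.txt"),
    ("malware_domains", "http://mirror1.malwaredomains.com/files/domains.txt"),
    ("phishtank", "https://data.phishtank.com/data/online-valid.csv.gz"),
    ("sans", "https://isc.sans.edu/block.txt"),
    ("zeus_bad_ip_blocklist", "https://zeustracker.abuse.ch/blocklist.php?download=badips"),
    ("local_custom_list", "lookup://my_local_lookup"),  # constructed, local only
]

# Default TCP ports for the schemes the threat list downloader uses.
DEFAULT_PORTS = {"http": 80, "https": 443}


def is_remote(url):
    """Mirror the SPL clause url!=lookup*: only downloaded lists need egress."""
    return not url.startswith("lookup")


def egress_targets(inputs):
    """Reduce (title, url) rows to sorted, distinct (host, port, scheme) tuples.

    Raises ValueError on a scheme the downloader does not use, so an
    unexpected entry is noticed rather than silently left off the request.
    """
    targets = set()
    for title, url in inputs:
        if not is_remote(url):
            continue
        parts = urlsplit(url)
        if parts.scheme not in DEFAULT_PORTS:
            raise ValueError(f"{title}: unsupported scheme {parts.scheme!r}")
        port = parts.port or DEFAULT_PORTS[parts.scheme]
        targets.add((parts.hostname, port, parts.scheme))
    return sorted(targets)


def render_allowlist(targets):
    """Format the targets as a plain table for a firewall change request."""
    lines = ["# destination_fqdn  port  proto"]
    for host, port, scheme in targets:
        lines.append(f"{host}  {port}  tcp  # {scheme}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_allowlist(egress_targets(THREATLIST_INPUTS)))
```

The output is keyed by FQDN rather than IP on purpose: as the answer notes, the providers' addresses can change, so an FQDN-based exception (or a scheduled re-resolution on the firewall side) is less likely to break the downloads later than a one-time IP list.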

georgen_splunk
Splunk Employee

thanks, Okie!
