Splunk Enterprise Security

What are all the URLs I need to open Splunk Enterprise Security up to for its default threat lists?

daniel333
Builder

All,

Anyone have a list of all the URLs/IPs I need to open Splunk Enterprise Security up to for its threat lists? I have to get the firewall exceptions placed in this week, but won't have the actual Splunk bits for a few more weeks.

thanks
-Daniel

jwelch_splunk
Splunk Employee
| rest splunk_server=local count=0 /services/data/inputs/threatlist | search url!=lookup* | table title, url

These can obviously change with future upgrades and/or releases. Also, the IPs could be changed by the service providers as well.

jwelch_splunk
Splunk Employee

Missed the part about you not having access. Excuse the formatting.

alexa_top_one_million_sites
https://s3.amazonaws.com/alexa-static/top-1m.csv.zip

emerging_threats_compromised_ip_blocklist
https://rules.emergingthreats.net/blockrules/compromised-ips.txt

emerging_threats_ip_blocklist
https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt

hailataxii_malware
http://hailataxii.com/taxii-data

iblocklist_logmein
http://list.iblocklist.com/?list=logmein

iblocklist_piratebay
http://list.iblocklist.com/?list=nzldzlpkgrcncdomnttb

iblocklist_proxy
http://list.iblocklist.com/?list=bt_proxy

iblocklist_rapidshare
http://list.iblocklist.com/?list=zfucwtjkfwkalytktyiw

iblocklist_spyware
http://list.iblocklist.com/?list=bt_spyware

iblocklist_tor
http://list.iblocklist.com/?list=tor

iblocklist_web_attacker
http://list.iblocklist.com/?list=ghlzqtqxnzctvvajwwag

icann_top_level_domain_list
https://data.iana.org/TLD/tlds-alpha-by-domain.txt

malware_domains
http://mirror1.malwaredomains.com/files/domains.txt

maxmind_geoip_asn_ipv4
https://download.maxmind.com/download/geoip/database/asnum/GeoIPASNum2.zip

maxmind_geoip_asn_ipv6
https://download.maxmind.com/download/geoip/database/asnum/GeoIPASNum2v6.zip

mozilla_public_suffix_list
https://publicsuffix.org/list/effective_tld_names.dat

phishtank
https://data.phishtank.com/data/online-valid.csv.gz

sans
https://isc.sans.edu/block.txt

zeus_bad_ip_blocklist
https://zeustracker.abuse.ch/blocklist.php?download=badips

zeus_standard_ip_blocklist
https://zeustracker.abuse.ch/blocklist.php?download=ipblocklist

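As an added example (not from the thread or from Splunk ES itself), a Python script that turns the title/url rows produced by the rest search quoted above into firewall allowlist entries keyed by hostname and port, dropping the lookup:// inputs the search filters out. The sample rows are constructed from the list in this answer, and the local_threat_intel row is a constructed placeholder.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in the shape of the thread's "title, url" rest output
# (a subset of the list in the answer); not fetched from a live instance.
SAMPLE_ROWS = [
    ("alexa_top_one_million_sites", "https://s3.amazonaws.com/alexa-static/top-1m.csv.zip"),
    ("emerging_threats_ip_blocklist", "https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt"),
    ("emerging_threats_compromised_ip_blocklist", "https://rules.emergingthreats.net/blockrules/compromised-ips.txt"),
    ("hailataxii_malware", "http://hailataxii.com/taxii-data"),
    ("iblocklist_tor", "http://list.iblocklist.com/?list=tor"),
    ("iblocklist_proxy", "http://list.iblocklist.com/?list=bt_proxy"),
    # Local lookup-backed list: the thread's search drops these with url!=lookup*
    ("local_threat_intel", "lookup://local_threat_intel"),  # constructed placeholder
]

DEFAULT_PORTS = {"http": 80, "https": 443}

def egress_rules(rows):
    """Map (host, port, scheme) -> [titles] for every remote HTTP(S) threatlist.

    Non-HTTP schemes (lookup://, local files) need no firewall exception and
    are skipped. Hosts stay as FQDNs rather than resolved IPs because, as the
    answer notes, provider IPs change and an FQDN-based rule survives that.
    """
    rules = defaultdict(list)
    for title, url in rows:
        parts = urlsplit(url)
        scheme = parts.scheme.lower()
        if scheme not in DEFAULT_PORTS or not parts.hostname:
            continue  # nothing to allow through the firewall
        port = parts.port or DEFAULT_PORTS[scheme]
        rules[(parts.hostname.lower(), port, scheme)].append(title)
    return dict(rules)

def format_rules(rules):
    """One review-friendly allowlist line per destination, sorted by host."""
    return [
        f"{host}:{port} ({scheme}) <- {', '.join(sorted(titles))}"
        for (host, port, scheme), titles in sorted(rules.items())
    ]

if __name__ == "__main__":
    for line in format_rules(egress_rules(SAMPLE_ROWS)):
        print(line)
```

Feeding the full list from the answer through the same function collapses the twenty-odd URLs into a handful of host:port destinations, which is what the firewall change request actually needs.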

georgen_splunk
Splunk Employee

thanks, Okie!
