Splunk Enterprise Security

What version of the Splunk App for Enterprise Security is required for connecting to a Soltra TAXII feed?

johnmccash
Explorer

Does anyone know exactly what version of ES is required for connecting to a Soltra TAXII feed? According to the docs, TAXII Threat Lists are supported in 3.1.1. However after trying futilely to get it to connect, I finally did a pcap on the data, and the request Splunk is generating isn't even XML. I know that the current 3.3.0 version sports a TAXII connection to hailataxii.com as one of its standard threat feeds, so it presumably works in that ver. What about the intermediate releases: 3.2, 3.2.1, or 3.2.2?
Thanks

0 Karma

cleroux_splunk
Splunk Employee
Splunk Employee
Get Updates on the Splunk Community!

Registration for Splunk University is Now Open!

Are you ready for an adventure in learning?   Brace yourselves because Splunk University is back, and it's ...

Splunkbase | Splunk Dashboard Examples App for SimpleXML End of Life

The Splunk Dashboard Examples App for SimpleXML will reach end of support on Dec 19, 2024, after which no new ...

Understanding Generative AI Techniques and Their Application in Cybersecurity

Watch On-Demand Artificial intelligence is the talk of the town nowadays, with industries of all kinds ...