Splunk Enterprise Security

What version of the Splunk App for Enterprise Security is required for connecting to a Soltra TAXII feed?

Explorer

Does anyone know exactly what version of ES is required for connecting to a Soltra TAXII feed? According to the docs, TAXII Threat Lists are supported in 3.1.1. However, after trying futilely to get it to connect, I finally did a pcap on the data, and the request Splunk is generating isn't even XML. I know that the current 3.3.0 version sports a TAXII connection to hailataxii.com as one of its standard threat feeds, so it presumably works in that version. What about the intermediate releases: 3.2, 3.2.1, or 3.2.2?
Thanks

0 Karma
