What version of the Splunk App for Enterprise Secu...

johnmccash · ‎06-29-2015

Does anyone know exactly what version of ES is required for connecting to a Soltra TAXII feed? According to the docs, TAXII Threat Lists are supported in 3.1.1. However after trying futilely to get it to connect, I finally did a pcap on the data, and the request Splunk is generating isn't even XML. I know that the current 3.3.0 version sports a TAXII connection to hailataxii.com as one of its standard threat feeds, so it presumably works in that ver. What about the intermediate releases: 3.2, 3.2.1, or 3.2.2?
Thanks

cleroux_splunk · ‎06-29-2015

Integration with STIX/TAXII start with ES 3.3

http://www.splunk.com/view/splunk-app-for-enterprise-security-doubles-customer-base/SP-CAAANZE

What version of the Splunk App for Enterprise Security is required for connecting to a Soltra TAXII feed?

Best of Community @.conf20
Humans That Splunk: Meet Abhishek...
Humans That Splunk: Meet Guiseppe...

Visit our Community Blog >

What version of the Splunk App for Enterprise Security is required for connecting to a Soltra TAXII feed?

Best of Community @.conf20 Humans That Splunk: Meet Abhishek... Humans That Splunk: Meet Guiseppe... Visit our Community Blog >

Best of Community @.conf20
Humans That Splunk: Meet Abhishek...
Humans That Splunk: Meet Guiseppe...

Visit our Community Blog >