Can you put in the url field of the threat list a domain value? For example, these were where domains were listed xxx.yyy.zzz.org or xxx.yyy.zzz.net, etc.
So effectively: domain, category, description and risk are the 4 fields populated.
Yes
http://answers.splunk.com/answers/129858/add-domains-to-threat-lists.html
View solution in original post