Splunk Enterprise Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

how to create rule if user visiting any malicious domain matches in Phishtank.com

pradyumnkumar
New Member
‎08-30-2018 11:18 PM

Though we have splunk app for Phishtank but was wondering if it's possible to create rule in Splunk without using the app. Just wanted to compare urls with all the weblogs if it matches with the phishtank csv and triggered an alert if it matches.

0 Karma
Reply

mstjohn_splunk
Splunk Employee
Splunk Employee
‎08-31-2018 02:20 PM

Hi @pradyumnkumar,

Can you provide more context for this problem? Did you try to do anything to solve it yourself? Go ahead and post any searches that you tried. That would be helpful for users attempting to assist you.

In general, your question has a greater chance of being answered by experts in the Answers community when you provide as much information and context as possible. Thanks.

0 Karma
Reply

renjith_nair
Legend
‎09-02-2018 12:48 AM

@pradyumnkumar, do you have some sample events ?

Ideally you could extract the URL from your web log and look up against the csv for the match and send an alert.

Happy Splunking!
0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...