Splunk Enterprise Security

how to create rule if user visiting any malicious domain matches in Phishtank.com

pradyumnkumar
New Member

Though we have splunk app for Phishtank but was wondering if it's possible to create rule in Splunk without using the app. Just wanted to compare urls with all the weblogs if it matches with the phishtank csv and triggered an alert if it matches.

0 Karma

mstjohn_splunk
Splunk Employee
Splunk Employee

Hi @pradyumnkumar,

Can you provide more context for this problem? Did you try to do anything to solve it yourself? Go ahead and post any searches that you tried. That would be helpful for users attempting to assist you.

In general, your question has a greater chance of being answered by experts in the Answers community when you provide as much information and context as possible. Thanks.

0 Karma

renjith_nair
SplunkTrust
SplunkTrust

@pradyumnkumar, do you have some sample events ?

Ideally you could extract the URL from your web log and look up against the csv for the match and send an alert.

Happy Splunking!
0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...