Though we have splunk app for Phishtank but was wondering if it's possible to create rule in Splunk without using the app. Just wanted to compare urls with all the weblogs if it matches with the phishtank csv and triggered an alert if it matches.
Hi @pradyumnkumar,
Can you provide more context for this problem? Did you try to do anything to solve it yourself? Go ahead and post any searches that you tried. That would be helpful for users attempting to assist you.
In general, your question has a greater chance of being answered by experts in the Answers community when you provide as much information and context as possible. Thanks.
@pradyumnkumar, do you have some sample events ?
Ideally you could extract the URL from your web log and look up against the csv for the match and send an alert.