Splunk Enterprise Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

how to create rule if user visiting any malicious domain matches in Phishtank.com

pradyumnkumar
New Member
‎08-30-2018 11:18 PM

Though we have splunk app for Phishtank but was wondering if it's possible to create rule in Splunk without using the app. Just wanted to compare urls with all the weblogs if it matches with the phishtank csv and triggered an alert if it matches.

0 Karma
Reply

mstjohn_splunk
Splunk Employee
Splunk Employee
‎08-31-2018 02:20 PM

Hi @pradyumnkumar,

Can you provide more context for this problem? Did you try to do anything to solve it yourself? Go ahead and post any searches that you tried. That would be helpful for users attempting to assist you.

In general, your question has a greater chance of being answered by experts in the Answers community when you provide as much information and context as possible. Thanks.

0 Karma
Reply

renjith_nair
Legend
‎09-02-2018 12:48 AM

@pradyumnkumar, do you have some sample events ?

Ideally you could extract the URL from your web log and look up against the csv for the match and send an alert.

---
What goes around comes around. If it helps, hit it with Karma 🙂
0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey


Introducing Unified TDIR with the New Enterprise Security 8.2

Read the blog

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Community Content Calendar, September edition

Welcome to another insightful post from our Community Content Calendar! We're thrilled to continue bringing ...

Splunkbase Unveils New App Listing Management Public Preview

Splunkbase Unveils New App Listing Management Public PreviewWe're thrilled to announce the public preview of ...

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you leveraging automation to its fullest potential in your threat detection strategy?Our upcoming Security ...