Splunk Enterprise Security

how to create rule if user visiting any malicious domain matches in Phishtank.com

pradyumnkumar
New Member

Though we have splunk app for Phishtank but was wondering if it's possible to create rule in Splunk without using the app. Just wanted to compare urls with all the weblogs if it matches with the phishtank csv and triggered an alert if it matches.

0 Karma

mstjohn_splunk
Splunk Employee
Splunk Employee

Hi @pradyumnkumar,

Can you provide more context for this problem? Did you try to do anything to solve it yourself? Go ahead and post any searches that you tried. That would be helpful for users attempting to assist you.

In general, your question has a greater chance of being answered by experts in the Answers community when you provide as much information and context as possible. Thanks.

0 Karma

renjith_nair
SplunkTrust
SplunkTrust

@pradyumnkumar, do you have some sample events ?

Ideally you could extract the URL from your web log and look up against the csv for the match and send an alert.

Happy Splunking!
0 Karma
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...