Splunk Enterprise Security
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

how to create rule if user visiting any malicious domain matches in Phishtank.com

pradyumnkumar
New Member
‎08-30-2018 11:18 PM

Though we have splunk app for Phishtank but was wondering if it's possible to create rule in Splunk without using the app. Just wanted to compare urls with all the weblogs if it matches with the phishtank csv and triggered an alert if it matches.

0 Karma
Reply

mstjohn_splunk
Splunk Employee
Splunk Employee
‎08-31-2018 02:20 PM

Hi @pradyumnkumar,

Can you provide more context for this problem? Did you try to do anything to solve it yourself? Go ahead and post any searches that you tried. That would be helpful for users attempting to assist you.

In general, your question has a greater chance of being answered by experts in the Answers community when you provide as much information and context as possible. Thanks.

0 Karma
Reply

renjith_nair
Legend
‎09-02-2018 12:48 AM

@pradyumnkumar, do you have some sample events ?

Ideally you could extract the URL from your web log and look up against the csv for the match and send an alert.

---
What goes around comes around. If it helps, hit it with Karma 🙂
0 Karma
Reply
Get Updates on the Splunk Community!

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey

There’s something special about this time of year—maybe it’s the glow of the holidays, maybe it’s the ...

Announcing the Migration of the Splunk Add-on for Microsoft Azure Inputs to ...

Announcing the Migration of the Splunk Add-on for Microsoft Azure Inputs to Officially Supported Splunk ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI! Discover how Splunk’s agentic AI ...