Is there a way to get a True or False match on sou... - Splunk Community

Splunk Search

I would like to know if there is a way to get true/false match on source IP to see tor sourced traffic over time in a time chart.

You can place the TOR exit node list into a CSV then at search time use an inputlookup like so:

index=firewall [|inputlookup torexitnodes.csv | fields exitnodeip ]

Because Tor exit nodes change constantly you will probably need to have this CSV automatically updated by a script.

Thanks

Can you please suggest from where can we download the latest tor exit nodes IP details. Thanks in advance

If you haven't found a good place for tor exit nodes, http://iplists.firehol.org/ is a great resource.

Get Updates on the Splunk Community!

Community Content Calendar, September edition

Welcome to another insightful post from our Community Content Calendar! We're thrilled to continue bringing ...

Splunkbase Unveils New App Listing Management Public Preview

Splunkbase Unveils New App Listing Management Public PreviewWe're thrilled to announce the public preview of ...

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you leveraging automation to its fullest potential in your threat detection strategy?Our upcoming Security ...