Splunk Search

Splunk ES Threat Intelligence TAXII feed with API POST Argument

elend
Path Finder

Did someone ever faced or implementing this on Splunk ES?. Im facing an issue when try add TAXII feed from OTX API connection,

i already check the connectivity, and made some changes on the configuration until disable the prefered captain on my search head, but it still not resolved. I also know there is an app for this, but just want to clarify are this option still supported or not.

Here my POST argument

URL: https://otx.alienvault.com/taxii/discovery
POST Argument: collection="user_otx" taxii_username="API key" taxii_password="foo"

But the download status keep on TAXII feed pooling starting, and when i check on the PID information 

status="This modular input does not execute on search head cluster member" msg="will_execute"="false" config="SHC" msg="Deselected based on SHC primary selection algorithm" primary_host="None" use_alpha="None" exclude_primary="None"

 

Labels (1)
Tags (2)
0 Karma

JohnEGones
Communicator

elend
Path Finder

yes, I already follow that source too.

0 Karma
Get Updates on the Splunk Community!

Exporting Splunk Apps

Join us on Monday, October 21 at 11 am PT | 2 pm ET!With the app export functionality, app developers and ...

Cisco Use Cases, ITSI Best Practices, and More New Articles from Splunk Lantern

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Build Your First SPL2 App!

Watch the recording now!.Do you want to SPL™, too? SPL2, Splunk's next-generation data search and preparation ...