This add-on collects threat indicators published by AusCERT and indexes them in Splunk.
It can collect indicators from the AusCERT malware and phishing feeds. Collection runs as a modular input that gathers the data from the AusCERT API. A valid AusCERT API key is required.
Additionally, the add-on includes a scheduled search, shipped disabled, that pushes these indicators into the Splunk for Enterprise Security threat intelligence framework. Enable this saved search if you are running this add-on with Splunk ES.
The author of this add-on is not associated with AusCERT and cannot support the use of the API. Please contact AusCERT directly for any API issues.