I am trying to get the FS-ISAC threat feed from my Soltra Edge box into my threatlists on Splunk Enterprise Security.
In the Threatlist audit page, my Soltra Feed has the Download status as "Taxii...
How to resolve Unable to initialize modular input "taxii" defined in the app "SA-Splice": Introspecting scheme=taxii: script running failed (exited with code 1).
The FS-ISAC Threat Intelligence STIX TAXII has been enabled in our environment. We received all IOCs from 4/2 but did not receive any on 4/3 or 4/9. I am trying to determine what happened on those d...
Hey Guys,
We are in a Splunk Cloud environment with ES, and we have added our own TAXII feed as well as some open source TAXII feeds and we can see that they start "polling" but we never see them d...
Hi Splunkers. We are having an issue whereby a TAXII feed has stopped being incorporated into the Enterprise Security Threat Intelligence module. The feed has been working o.k. (i.e. downloading a...
Hello everyone!
Does anyone know how I can populate the "malware_alias" field with TAXII/STIX objects?
I have tried linking ThreatActors with malware instances, but nothing seemed to be working....
...assword. Splice had parameters taxii_cert_pem and taxi_cert_key. Is my understanding that ES TAXII downloads do not support these correct, or do I simply need to know the magic post parameters invocation t...
Hello Splunk Experts, My organization has Splunk Cloud and Enterprise Security. I was wondering if Splunk is capable of acting as a STIX/TAXII client so that I can enroll with a threat i...
I'm running Splunk Enterprise Security 4.0.1, and trying to import and match against Observables defined using CybOX Regex syntax and stored in a TAXII server. The Observables appear to be i...