Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
51 results
Sorted by:
08-03-2022
03:35 AM
How to resolve Unable to initialize modular input "taxii" defined in the app "SA-Splice": Introspecting scheme=taxii: script running failed (exited with code 1)..
Labels
11-08-2014
07:13 PM
Hi, I have installed the Splice app and have it working for local IOC files. However I want to get it work with TAXII, and remotely IOCs.
Is anybody aware of a of a test server which can be s...
- Tags:
- SPLICE
08-23-2021
10:04 PM
1 Karma
Hi Splunkers. We are having an issue whereby a TAXII feed has stopped being incorporated into the Enterprise Security Threat Intelligence module. The feed has been working o.k. (i.e. downloading a...
- Tags:
- es
- taxii
- Threat Intel
Labels
- Labels:
-
other
06-16-2015
07:47 AM
Hi. Does the Splice or Splunk Enterprise Security app support certificate-based authentication to the taxii service such as FS-ISAC? Is there a need to use third-party integrator such as Soltra E...
Show results in replies (4)
-
Hi nyfaisal -- ES 3.3 currently only supports basic HTTP authentication over HTTP/HTTPS to a TAXII...
-
Which feed should I point to for FS-ISAC? taxii.py" Received a Status Message in response. S...
-
I get taxii.py" taxii_cert_pem or taxii_cert_key doesn't exists error, even though the pem and k...
-
Splice and Enterprise Security 3.3 allows you to connect directly to any TAXII feed (it's a s...
04-13-2020
10:50 AM
The FS-ISAC Threat Intelligence STIX TAXII has been enabled in our environment. We received all IOCs from 4/2 but did not receive any on 4/3 or 4/9. I am trying to determine what happened on those d...
06-20-2018
05:46 AM
Hello everyone!
Does anyone know how can I populate the "malware_alias" field with TAXII/STIX objects?
I have tried linking ThreatActors with malware instances, but nothing seemed to be working....
05-23-2016
08:00 AM
2 Karma
I am trying to get the FS-ISAC threat feed from my Soltra Edge box into my threatlists on Splunk Enterprise Security.
In the Threatlist audit page, my Soltra Feed has the Download status as "Taxii...
06-23-2018
03:28 AM
...assword. Splice had parameters taxii_cert_pem and taxi_cert_key. Is my understanding that ES TAXII downloads do not support these correct, or do I simply need to know the magic post parameters invocation t...
05-04-2020
11:59 AM
1 Karma
Hey Guys,
We are in a Splunk Cloud environment with ES, and we have added our own TAXII feed as well as some open source TAXII feeds and we can see that they start "polling" but we never see them d...
Labels
12-15-2020
09:12 AM
Hello Splunk Experts, My organization has splunk cloud and enterprise security. I was wondering if Splunk is capable of acting as a stix/taxii client so that I can enroll with a threat i...
Labels
- Labels:
-
administration
